🚀 Join our AI Wargame at Black Hat Asia and our Workshop + Wargame at NDC Sydney .

Improper Cookie SameSite Attribute

Cookie SameSite attribute restricts how cookies are sent to cross-domain requests. This is an effective measure against Cross Site Request Forgery (CSRF) attacks.

Remediation

Set SameSite=Strict for session cookies.

Metadata

  • Severity: informational
  • Slug: improper-cookie-samesite-attribute

CWEs

  • 1275: Sensitive Cookie with Improper SameSite Attribute
  • 352: Cross-Site Request Forgery (CSRF)

OWASP

  • A01:2021: Broken Access Control

Available Labs

Open Javascript labs in SecDim Play for this vulnerability.

Try it yourself

Find, Hack and Fix Your First Vulnerability

Reading about security bugs is one thing — fixing one is how the skill sticks. Play a free challenge from the wargame, no setup required.