🚀 Join our AI Wargame at Black Hat Asia and our Workshop + Wargame at NDC Sydney .

Session Cookie with No maxAge

Without Max-Age a session cookie can remain in the browser for a pro-long time. This increases risk of session hijack.

Remediation

Specify Max-Age and set it to a shorted span of time a cookie should remain in the browser.

Metadata

  • Severity: informational
  • Slug: session-cookie-with-no-maxage

CWEs

  • 613: Insufficient Session Expiration

OWASP

  • A02:2021: Cryptographic Failures

Available Labs

Open Javascript labs in SecDim Play for this vulnerability.

Try it yourself

Find, Hack and Fix Your First Vulnerability

Reading about security bugs is one thing — fixing one is how the skill sticks. Play a free challenge from the wargame, no setup required.