rspec/rules/S6287/rationale.adoc

Session Cookie Injections occur when a web application assigns session cookies
to users using untrusted data.

Session cookies are used by web applications to identify users. Thus,
controlling these enable control over the identity of the users within the
application.

The injection might occur via a GET parameter, and the payload, for example,
`https://example.com?cookie=injectedcookie`, delivered using phishing
techniques.
[APPSEC-116] Modify rule S6287: Educational content (#1216) 2022-09-08 11:06:29 +02:00			`Session Cookie Injections occur when a web application assigns session cookies`
			`to users using untrusted data.`

			`Session cookies are used by web applications to identify users. Thus,`
			`controlling these enable control over the identity of the users within the`
			`application.`

			`The injection might occur via a GET parameter, and the payload, for example,`
			`https://example.com?cookie=injectedcookie`, delivered using phishing
			`techniques.`