rspec/rules/S3330/ask-yourself.adoc

== Ask Yourself Whether

* the cookie is sensitive, used to authenticate the user, for instance a _session-cookie_ 
* the ``++HttpOnly++`` attribute offer an additional protection (not the case for an _XSRF-TOKEN cookie_ / CSRF token for example)

There is a risk if you answered yes to any of those questions.
Add rules 3000-3999 2020-06-30 12:48:39 +02:00			`== Ask Yourself Whether`

			`* the cookie is sensitive, used to authenticate the user, for instance a _session-cookie_`
make in-line code blocks verbatim 2021-01-27 13:42:22 +01:00			* the ``++HttpOnly++`` attribute offer an additional protection (not the case for an _XSRF-TOKEN cookie_ / CSRF token for example)
Add rules 3000-3999 2020-06-30 12:48:39 +02:00
			`There is a risk if you answered yes to any of those questions.`