include::../description.adoc[]

include::../ask-yourself.adoc[]

include::../recommended.adoc[]

== Sensitive Code Example

https://www.npmjs.com/package/cookie-session[cookie-session] module:

----
let session = cookieSession({
  httpOnly: false,// Sensitive
});  // Sensitive
----

https://www.npmjs.com/package/express-session[express-session] module:

----
const express = require('express'),
const session = require('express-session'),

let app = express()
app.use(session({
  cookie: 
  { 
    httpOnly: false // Sensitive
  }
})),
----

https://www.npmjs.com/package/cookies[cookies] module:

----
let cookies = new Cookies(req, res, { keys: keys });

cookies.set('LastVisit', new Date().toISOString(), { 
  httpOnly: false // Sensitive
}); // Sensitive
----

https://www.npmjs.com/package/csurf[csurf] module:

----
const cookieParser = require('cookie-parser');
const csrf = require('csurf');
const express = require('express');

let csrfProtection = csrf({ cookie: { httpOnly: false }}); // Sensitive
----

== Compliant Solution

https://www.npmjs.com/package/cookie-session[cookie-session] module:

[source,javascript]
----
let session = cookieSession({
  httpOnly: true,// Compliant
});  // Compliant
----

https://www.npmjs.com/package/express-session[express-session] module:

[source,javascript]
----
const express = require('express');
const session = require('express-session');

let app = express();
app.use(session({
  cookie: 
  { 
    httpOnly: true // Compliant
  }
}));
----

https://www.npmjs.com/package/cookies[cookies] module:

[source,javascript]
----
let cookies = new Cookies(req, res, { keys: keys });

cookies.set('LastVisit', new Date().toISOString(), { 
  httpOnly: true // Compliant
}); // Compliant
----

https://www.npmjs.com/package/csurf[csurf] module:

[source,javascript]
----
const cookieParser = require('cookie-parser');
const csrf = require('csurf');
const express = require('express');

let csrfProtection = csrf({ cookie: { httpOnly: true }}); // Compliant
----

include::../see.adoc[]

ifdef::env-github,rspecator-view[]

'''
== Implementation Specification
(visible only on this page)

include::../message.adoc[]

'''
== Comments And Links
(visible only on this page)

include::../comments-and-links.adoc[]
endif::env-github,rspecator-view[]