include::../description.adoc[]

include::../ask-yourself.adoc[]

include::../recommended.adoc[]

== Sensitive Code Example

https://www.npmjs.com/package/cookie-session[cookie-session] module:

----
let session = cookieSession({
  secure: false,// Sensitive
});  // Sensitive
----

https://www.npmjs.com/package/express-session[express-session] module:

----
const express = require('express');
const session = require('express-session');

let app = express();
app.use(session({
  cookie: 
  { 
    secure: false // Sensitive
  }
}));
----

https://www.npmjs.com/package/cookies[cookies] module:

----
let cookies = new Cookies(req, res, { keys: keys });

cookies.set('LastVisit', new Date().toISOString(), { 
  secure: false // Sensitive
}); // Sensitive
----

https://www.npmjs.com/package/csurf[csurf] module:

----
const cookieParser = require('cookie-parser');
const csrf = require('csurf');
const express = require('express');

let csrfProtection = csrf({ cookie: { secure: false }}); // Sensitive
----

== Compliant Solution

https://www.npmjs.com/package/cookie-session[cookie-session] module:

----
let session = cookieSession({
  secure: true,// Compliant
});  // Compliant
----

https://www.npmjs.com/package/express-session[express-session] module:

----
const express = require('express');
const session = require('express-session');

let app = express();
app.use(session({
  cookie: 
  { 
    secure: true // Compliant
  }
}));
----

https://www.npmjs.com/package/cookies[cookies] module:

----
let cookies = new Cookies(req, res, { keys: keys });

cookies.set('LastVisit', new Date().toISOString(), { 
  secure: true // Compliant
}); // Compliant
----

https://www.npmjs.com/package/csurf[csurf] module:

----
const cookieParser = require('cookie-parser');
const csrf = require('csurf');
const express = require('express');

let csrfProtection = csrf({ cookie: { secure: true }}); // Compliant
----

include::../see.adoc[]