
I have two applications with a common domain name, let's say `www.kishore.com/travelSite` and `www.kishore.com/researchSite`.
So, in the travelSite I'm creating a cookie as below:

```java
Cookie cookie = new Cookie("someName","someValue");
cookie.setSecure(true);
cookie.setHttpOnly(true);
cookie.setPath("/");
```

The reason I'm setting the path to `/` in travelSite is that I want this cookie to be used in researchSite. But the problem is, when I send this code for scanning, it says it's vulnerable to use the context path, i.e. `/`.
Setting this to `/travelSite` could eliminate the vulnerability error in scanning, but then it can't be used in the researchSite.

I wanted to know if there is a workaround. Can I set the domain name, i.e. kishore.com, in the cookie path? If so, how?

Kishore Kumar Korada
  • What do you think `setDomain` on the `Cookie` does? – M. Deinum Nov 18 '21 at 08:11
  • @M.Deinum It sets the domain name, i.e. `setDomain("Kishore.com")`, if I'm not wrong. But still, when we set `setPath("/")` it'll be like Kishore.com/ only, right? Which is the root context? – Kishore Kumar Korada Nov 18 '21 at 08:23
  • Correct (and which should be mainly the same as now). So you either specify multiple cookies or ignore the warning. Or find a different way instead of a cookie (like a header). – M. Deinum Nov 18 '21 at 08:50

0 Answers
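The "multiple cookies" option from the comments, as an added example that is not part of the original thread: it builds one `Set-Cookie` value per application path and applies the RFC 6265 path-match rule to show which requests receive the cookie with `Path=/` versus the two scoped paths. The class name, the helper names and the request paths `/otherApp/home` and `/travelSiteAdmin` are assumptions made for illustration.

```java
import java.util.List;
import java.util.stream.Collectors;

// Added example: per-application cookie scoping instead of Path=/.
public class ScopedCookies {

    // RFC 6265 section 5.1.4 path-match: is a cookie with this Path
    // attribute sent on a request for requestPath?
    static boolean pathMatches(String requestPath, String cookiePath) {
        if (requestPath.equals(cookiePath)) return true;
        if (!requestPath.startsWith(cookiePath)) return false;
        // A prefix only matches on a segment boundary, so "/travelSite"
        // does not cover "/travelSiteAdmin".
        return cookiePath.endsWith("/")
                || requestPath.charAt(cookiePath.length()) == '/';
    }

    // One Set-Cookie header value per application path, keeping the
    // Secure and HttpOnly attributes from the question's code.
    // Assumes name and value contain no characters that need encoding.
    static List<String> setCookieHeaders(String name, String value, List<String> paths) {
        return paths.stream()
                .map(p -> name + "=" + value + "; Path=" + p + "; Secure; HttpOnly")
                .collect(Collectors.toList());
    }

    public static void main(String[] args) {
        List<String> scoped = List.of("/travelSite", "/researchSite");
        setCookieHeaders("someName", "someValue", scoped)
                .forEach(h -> System.out.println("Set-Cookie: " + h));

        // Constructed request paths; the last two are hypothetical.
        List<String> requests = List.of("/travelSite/book",
                "/researchSite/papers", "/otherApp/home", "/travelSiteAdmin");
        for (String req : requests) {
            boolean root = pathMatches(req, "/");
            boolean perApp = scoped.stream().anyMatch(p -> pathMatches(req, p));
            System.out.printf("%-22s Path=/ sent: %-5b per-app sent: %b%n",
                    req, root, perApp);
        }
    }
}
```

In a servlet the equivalent is two `Cookie` objects, one with `setPath("/travelSite")` and one with `setPath("/researchSite")`, each passed to `response.addCookie`. The Path attribute narrows where the browser sends the cookie but does not isolate applications that share an origin.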