Session Cookie scoped to parent domain

Description

This session cookie is scoped to the parent domain instead of a sub-domain. A cookie scoped to a parent domain is accessible to the parent domain and to every other sub-domain of that parent, so the session identifier is also exposed to applications hosted on those other sub-domains. This could lead to security problems.

Remediation

If possible, the session cookie should be scoped strictly to a sub-domain.
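One way to check for this condition in captured responses, as an added example that is not part of the original advisory: it parses Set-Cookie values and reports session cookies whose Domain attribute names a parent of the host that issued them. The hostnames, cookie values and the name-based session heuristic are assumptions made for the example.

```python
import re

# Assumption: session cookies are recognised by name; adjust for your stack.
SESSION_NAME = re.compile(r"sess|sid", re.IGNORECASE)

def parse_set_cookie(header):
    """Split a Set-Cookie value into (name, {lower-cased attribute: value})."""
    first, *rest = [part.strip() for part in header.split(";")]
    name = first.split("=", 1)[0].strip()
    attrs = {}
    for part in rest:
        if part:
            key, _, value = part.partition("=")
            attrs[key.strip().lower()] = value.strip()
    return name, attrs

def parent_scope(header, request_host):
    """Return the parent domain a session cookie is scoped to, else None."""
    name, attrs = parse_set_cookie(header)
    if not SESSION_NAME.search(name):
        return None
    # No Domain attribute: host-only cookie, returned only to the exact host.
    domain = attrs.get("domain", "").lstrip(".").lower()
    host = request_host.lower().rstrip(".")
    if domain and host != domain and host.endswith("." + domain):
        return domain
    return None

# Constructed sample responses: (host that sent the response, Set-Cookie value).
SAMPLES = [
    ("app.example.com", "JSESSIONID=a1b2; Domain=example.com; Path=/; Secure; HttpOnly"),
    ("app.example.com", "JSESSIONID=a1b2; Path=/; Secure; HttpOnly"),
    ("app.example.com", "PHPSESSID=c3d4; Domain=.app.example.com; Path=/"),
    ("app.example.com", "theme=dark; Domain=example.com; Path=/"),
]

def audit(samples):
    """Return (host, cookie name, parent domain) for each flagged cookie."""
    findings = []
    for host, header in samples:
        parent = parent_scope(header, host)
        if parent:
            findings.append((host, parse_set_cookie(header)[0], parent))
    return findings

if __name__ == "__main__":
    for host, name, parent in audit(SAMPLES):
        print(f"{host}: {name} is scoped to parent domain {parent}")
```

Only the first sample is reported; the second shows the same cookie issued without a Domain attribute, which keeps it host-only.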

Severity
Classification
Tags
  • Configuration