Java Cookie Samesite None Header
Description
Detects when cookies are configured with SameSite=None in Java Spring applications by writing the Set-Cookie header directly. This configuration makes cookies vulnerable to cross-site request forgery (CSRF) attacks, since the browser will send them along with cross-site requests, potentially allowing attackers to perform unauthorized actions on behalf of authenticated users.
Detection Strategy
• Identifies header-writing operations through methods named 'header', 'setHeader', or 'headers'
• Checks whether the first argument is the 'Set-Cookie' header name
• Examines the cookie configuration string to determine whether the SameSite attribute is explicitly set to 'None'
• Reports a vulnerability when a Set-Cookie header is written with a SameSite=None configuration
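As an added example that is not part of the original rule, the four steps above implemented as a small Python scanner over Java source text. The method names come from the strategy above; the regex (which only handles plain string-literal arguments) and the sample Java lines are constructed for this illustration.

```python
import re
from dataclasses import dataclass

# Header-setting methods named in the detection strategy.
HEADER_METHODS = ("header", "setHeader", "headers")

# Matches  <obj>.setHeader("Set-Cookie", "name=value; Attr; Attr=Val")
# Only simple string-literal arguments are handled (constructed for this example).
CALL_RE = re.compile(
    r'\.(?P<method>' + "|".join(HEADER_METHODS) + r')\s*\(\s*'
    r'"(?P<name>[^"]*)"\s*,\s*"(?P<value>[^"]*)"'
)

@dataclass
class Finding:
    line: int
    cookie: str
    secure: bool  # whether Secure accompanies SameSite=None (browsers reject it otherwise)

def parse_cookie_attributes(cookie: str) -> dict:
    """Split 'sid=1; Path=/; SameSite=None' into {'path': '/', 'samesite': 'none'}."""
    parts = [p.strip() for p in cookie.split(";")]
    attrs = {}
    for part in parts[1:]:  # parts[0] is the name=value pair
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip().lower()
    return attrs

def find_samesite_none(java_source: str) -> list:
    """Return one Finding per header call that writes a Set-Cookie with SameSite=None."""
    findings = []
    for lineno, line in enumerate(java_source.splitlines(), start=1):
        for m in CALL_RE.finditer(line):
            if m.group("name").strip().lower() != "set-cookie":
                continue  # some other header, not a cookie
            attrs = parse_cookie_attributes(m.group("value"))
            if attrs.get("samesite") == "none":
                cookie_name = m.group("value").split("=", 1)[0].strip()
                findings.append(Finding(lineno, cookie_name, "secure" in attrs))
    return findings

# Constructed sample source: two findings expected (lines 1 and 2), two clean lines.
SAMPLE_JAVA = """\
response.setHeader("Set-Cookie", "sessionId=12345; Path=/; SameSite=None");
response.setHeader("Set-Cookie", "pref=dark; Path=/; Secure; SameSite=none");
response.setHeader("Set-Cookie", "sessionId=12345; Path=/; HttpOnly; Secure; SameSite=Strict");
response.setHeader("X-Frame-Options", "SameSite=None");
"""

if __name__ == "__main__":
    for f in find_samesite_none(SAMPLE_JAVA):
        print(f"line {f.line}: cookie '{f.cookie}' sets SameSite=None (Secure={f.secure})")
```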
Vulnerable code example

    import javax.servlet.http.HttpServletResponse;

    public class InsecureCookieExample {
        public void setInsecureCookie(HttpServletResponse response) {
            // Vulnerable: Setting SameSite=None without proper security attributes
            response.setHeader("Set-Cookie", "sessionId=12345; Path=/; SameSite=None");
            // Also vulnerable: Using header() method with same insecure pattern...
        }
    }

✅ Secure code example
    import javax.servlet.http.HttpServletResponse;

    public class SecureCookieExample {
        public void setSecureCookie(HttpServletResponse response) {
            // Safe: Added HttpOnly, Secure flags and using Strict SameSite
            response.setHeader("Set-Cookie", "sessionId=12345; Path=/; HttpOnly; Secure; SameSite=Strict");
            // Safe: Using all required security attributes for authentication cookie...
        }
    }