Patched src/com/ibm/security/appscan/altoromutual/servlet/LoginServlet.java

patched.codes[bot] · patched.codes[bot] · commit 9776819e464f · 2024-05-01T22:07:12.000+08:00
diff --git a/src/com/ibm/security/appscan/altoromutual/servlet/LoginServlet.java b/src/com/ibm/security/appscan/altoromutual/servlet/LoginServlet.java
@@ -92,6 +92,8 @@ protected void doPost(HttpServletRequest request, HttpServletResponse response)
 		//Handle the cookie using ServletUtil.establishSession(String)
 		try{
 			Cookie accountCookie = ServletUtil.establishSession(username,session);
+			accountCookie.setSecure(true);
+			accountCookie.setHttpOnly(true);
 			response.addCookie(accountCookie);
 			response.sendRedirect(request.getContextPath()+"/bank/main.jsp");
 			}

Original file line number	Diff line number	Diff line change
`@@ -92,6 +92,8 @@ protected void doPost(HttpServletRequest request, HttpServletResponse response)`
`92`	`92`	`//Handle the cookie using ServletUtil.establishSession(String)`
`93`	`93`	`try{`
`94`	`94`	`Cookie accountCookie = ServletUtil.establishSession(username,session);`
	`95`	`+ accountCookie.setSecure(true);`
	`96`	`+ accountCookie.setHttpOnly(true);`
`95`	`97`	`response.addCookie(accountCookie);`
`96`	`98`	`response.sendRedirect(request.getContextPath()+"/bank/main.jsp");`
`97`	`99`	`}`