Cookies
Cookies lists all cookies that AppScan found during the
scan, whether set by responses, generated by Javascripts, or already
on the host before the scan.
- The Result List shows all cookies found during the Explore stage.
For each cookie the list shows whether tracked, name, set-cookie URL,
values, whether excluded from testing, path, domain, expire date,
whether secure, context.Note: The URL listed is the one that leads to the response that set the cookie (even if there were others that included the Set Cookie command). If the cookie was not set by a response (for example, if it was generated by a Javascript, or already present on the host) N/A is displayed in the Response URL field.
- You can add any cookie to the list in the Configuration dialog box by right-clicking and selecting Add this cookie to the Parameters and Cookies tab list. The Parameter Definition dialog box opens, to configure AppScan's treatment of this cookie.
- When a particular cookie is selected the Detail pane shows:
Item Description Path The specific folder or subfolder in your application to which this cookie is sent. The path attribute is used to specify the subset of URLs in a domain for which the cookie is valid. If a cookie has already passed domain matching (next item), then the pathname component of the URL is compared with the path attribute, and if there is a match, the cookie is considered valid and is sent along with the URL request. Domain To which domain or sub-domain this cookie will be sent. (If Domain is not set, the cookie is sent to the domain which issued the Set Cookie command, and all sub-domains.) Expires The date and time that the cookie will expire and be removed from the user's machine. Secure Yes (secured) or No. If a cookie is marked Secure, it will only be transmitted if the communications channel with the host is secure (currently only to HTTPS servers). If Secure is not specified, a cookie is considered safe to be sent over all channels. Request URL The first request that AppScan sent with the cookie.