# Cookie Security Flags Configuration

- ID: javascript-express-cookie-security-flags
- Severity: MEDIUM
- Languages: JavaScript, TypeScript
- Frameworks: express

## Description

Detects missing or improperly configured security flags (httpOnly, secure, sameSite) on HTTP cookies in Express.js applications.

## Detection Message

Cookies lack proper security flags (httpOnly, secure, sameSite)

## Remediation

Configure all cookies with appropriate security flags:

- httpOnly: true (prevent XSS access)
- secure: true (HTTPS only)
- sameSite: 'strict' or 'lax' (CSRF protection)

## Related Rules

- **Docker Build Optimization and Best Practices** [LOW]
- **Docker Compose Obsolete Version Field** [LOW]
- **Docker File Operations Best Practices** [LOW]
- **Invalid Port Number in EXPOSE** [ERROR]
- **Multiple ENTRYPOINT Instructions** [MEDIUM]
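
An added example for the Remediation section (not part of the rule's own documentation): it checks the options object passed to Express's `res.cookie()` for the three flags and provides a helper that applies safe defaults. The function names `auditCookieOptions` and `hardenedCookieOptions` are hypothetical, and the sample inputs are constructed.

```javascript
// Added example: audit and harden the options object given to res.cookie().
// Function names are hypothetical; they are not part of Express or of this rule.

// Returns the names of the flags that are missing or weakly configured.
function auditCookieOptions(options = {}) {
  const findings = [];
  if (options.httpOnly !== true) findings.push('httpOnly');
  if (options.secure !== true) findings.push('secure');
  // Express accepts sameSite: true as an alias for 'strict'.
  const sameSite = options.sameSite === true
    ? 'strict'
    : String(options.sameSite ?? '').toLowerCase();
  if (sameSite !== 'strict' && sameSite !== 'lax') findings.push('sameSite');
  return findings;
}

// Applies safe defaults, lets the caller add fields such as maxAge or path,
// and rejects overrides that would weaken any of the three flags.
function hardenedCookieOptions(overrides = {}) {
  const merged = { httpOnly: true, secure: true, sameSite: 'strict', ...overrides };
  const findings = auditCookieOptions(merged);
  if (findings.length > 0) {
    throw new Error(`insecure cookie options: ${findings.join(', ')}`);
  }
  return merged;
}

// Constructed sample inputs.
const samples = {
  weak: { maxAge: 3600000 },
  partial: { httpOnly: true, sameSite: 'none' },
  good: { httpOnly: true, secure: true, sameSite: 'lax' },
};
for (const [label, opts] of Object.entries(samples)) {
  console.log(label, auditCookieOptions(opts));
}

// In an Express handler (not run here):
//   res.cookie('sid', token, hardenedCookieOptions({ maxAge: 3600000 }));
```
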