# Insecure Cookie Configuration

- ID: python-insecure-cookie
- Severity: MEDIUM
- CWE: Sensitive Cookie Without Secure Flag (CWE-614)
- Languages: Python
- Frameworks: flask, django, fastapi

## Description

Detects cookies set without the `HttpOnly`, `Secure`, or `SameSite` attributes. Each missing attribute removes one protection: without `HttpOnly` the cookie is readable from script and can be stolen via XSS, without `Secure` it is sent over plaintext HTTP and exposed to MITM, and without `SameSite` it is attached to cross-site requests and usable in CSRF.

## Remediation

Set the `secure`, `httponly`, and `samesite` flags on all cookies.

```python
response.set_cookie(
    'session_id',
    value=token,
    secure=True,
    httponly=True,
    samesite='Strict'
)
```

Learn more: https://shoulder.dev/learn/python/cwe-614/insecure-cookie

## Related Rules

- **Flask Insecure Session Configuration** [MEDIUM]:
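The following is an added example, not part of this rule page or the shoulder.dev rule set. It shows the check this rule performs at the HTTP level: `audit_set_cookie` parses a `Set-Cookie` header value and reports which of the three protections are absent, and `hardened_cookie` builds the remediated form with the standard library's `http.cookies` (the `samesite` attribute needs Python 3.8 or later). The header strings are constructed samples. As a design choice that goes slightly beyond the rule text, the audit also treats `SameSite=None` as missing, since that value explicitly opts out of the cross-site restriction.

```python
"""Audit Set-Cookie header values for the Secure, HttpOnly and SameSite
attributes, and build a hardened cookie for comparison.
Added example for this rule page; all header strings are constructed."""
from http.cookies import SimpleCookie

# SameSite values that actually restrict cross-site sending; "None" opts out.
SAFE_SAMESITE = {"strict", "lax"}


def audit_set_cookie(header_value: str) -> list:
    """Return the list of missing protections for one Set-Cookie value.

    The first `name=value` pair is the cookie itself; every ';'-separated
    item after it is an attribute. Secure and HttpOnly are bare flags,
    SameSite carries a value. Attribute names are case-insensitive.
    """
    parts = [p.strip() for p in header_value.split(";")]
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()

    findings = []
    if "secure" not in attrs:
        findings.append("Secure")      # sent over plaintext HTTP -> MITM exposure
    if "httponly" not in attrs:
        findings.append("HttpOnly")    # readable via document.cookie -> XSS theft
    if attrs.get("samesite", "").lower() not in SAFE_SAMESITE:
        findings.append("SameSite")    # attached to cross-site requests -> CSRF
    return findings


def hardened_cookie(name: str, value: str, samesite: str = "Strict") -> str:
    """Build a Set-Cookie value carrying all three protections via http.cookies."""
    jar = SimpleCookie()
    jar[name] = value
    morsel = jar[name]
    morsel["secure"] = True
    morsel["httponly"] = True
    morsel["samesite"] = samesite
    morsel["path"] = "/"
    return morsel.OutputString()


# Constructed samples: what the rule flags, and the remediated form.
INSECURE = "session_id=abc123; Path=/"
SECURE = hardened_cookie("session_id", "abc123")

if __name__ == "__main__":
    for label, header in (("insecure", INSECURE), ("hardened", SECURE)):
        missing = audit_set_cookie(header)
        print(f"{label}: {header}\n  missing: {missing or 'none'}")
```

The audit works on the wire format rather than on framework calls, so the same function can be run against headers captured from a Flask, Django or FastAPI application in a test to confirm the `set_cookie` change from the Remediation section actually reached the response.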