Made by DeepSource

Audit Required: Insecure cookie for fiber sessions GO-S1040

Security
Major
A01 OWASP Top 10

A cookie carrying the Secure attribute is sent by the browser only over an encrypted (HTTPS) connection, never in an insecure context such as a plain HTTP request. Issuing the fiber session cookie without this attribute lets an attacker positioned on the network (a MITM) read the session ID off the wire and hijack the session; setting CookieSecure to true prevents that.

Bad practice

package main

import (
    "github.com/gofiber/fiber/v2"
    "github.com/gofiber/fiber/v2/middleware/session"
)

func main() {
    app := fiber.New()
    // CookieSecure is false, so the browser also sends the session cookie
    // over plain HTTP, where it can be read on the wire.
    store := session.New(session.Config{CookieSecure: false})

    app.Get("/", func(c *fiber.Ctx) error {
        // session.New returns a *session.Store, not a middleware handler;
        // sessions are fetched per request from the store.
        sess, err := store.Get(c)
        if err != nil {
            return err
        }
        sess.Set("user", "alice")
        return sess.Save()
    })

    app.Listen(":3000")
}

Recommended

package main

import (
    "github.com/gofiber/fiber/v2"
    "github.com/gofiber/fiber/v2/middleware/session"
)

func main() {
    app := fiber.New()
    // CookieSecure: true marks the session cookie Secure, so the browser
    // only sends it over HTTPS.
    store := session.New(session.Config{CookieSecure: true})

    app.Get("/", func(c *fiber.Ctx) error {
        // session.New returns a *session.Store, not a middleware handler;
        // sessions are fetched per request from the store.
        sess, err := store.Get(c)
        if err != nil {
            return err
        }
        sess.Set("user", "alice")
        return sess.Save()
    })

    app.Listen(":3000")
}
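Whether the session cookie actually reaches the browser with the Secure attribute is something a test can check by inspecting the Set-Cookie header. The example below is added here and is not DeepSource's or fiber's code; it uses the standard library (net/http and httptest) rather than fiber so it runs with no third-party dependencies, and the handler, cookie name and value are constructed for illustration. The boolean passed to sessionHandler plays the role of fiber's CookieSecure option; InsecureSessionCookies is the audit check, returning the names of any cookies set without Secure.

```go
package main

import (
    "fmt"
    "net/http"
    "net/http/httptest"
)

// sessionHandler issues a session cookie. The secure argument mirrors the
// CookieSecure option from the rule description (constructed example).
func sessionHandler(secure bool) http.HandlerFunc {
    return func(w http.ResponseWriter, r *http.Request) {
        http.SetCookie(w, &http.Cookie{
            Name:     "session_id",
            Value:    "constructed-example-session-value",
            Path:     "/",
            HttpOnly: true,
            Secure:   secure,
            SameSite: http.SameSiteLaxMode,
        })
        w.WriteHeader(http.StatusOK)
    }
}

// InsecureSessionCookies parses the Set-Cookie headers of a response and
// returns the names of all cookies that lack the Secure attribute.
func InsecureSessionCookies(resp *http.Response) []string {
    var names []string
    for _, c := range resp.Cookies() {
        if !c.Secure {
            names = append(names, c.Name)
        }
    }
    return names
}

// CheckHandler serves one in-process request to the handler and audits the
// cookies it sets; an empty result means every cookie is marked Secure.
func CheckHandler(h http.Handler) []string {
    rec := httptest.NewRecorder()
    req := httptest.NewRequest(http.MethodGet, "/", nil)
    h.ServeHTTP(rec, req)
    return InsecureSessionCookies(rec.Result())
}

func main() {
    // The insecure configuration is reported; the secure one passes.
    fmt.Println("insecure cookies (CookieSecure=false):", CheckHandler(sessionHandler(false)))
    fmt.Println("insecure cookies (CookieSecure=true): ", CheckHandler(sessionHandler(true)))
}
```

Running CheckHandler against the real application handler in an integration test turns the rule into a regression check: the test fails whenever a session cookie is issued without Secure, regardless of which framework sets it.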
