Set-Cookie: ACEGI_SECURITY_HASHED_REMEMBER_ME_COOKIE=; Path=/;...Max-Age=0; Secure; HttpOnly
Domain: Verify that the Domain attribute has not been set too loosely. It should only be set for the server that needs to receive the cookie. For example, if the application resides on the server app.mysite.com, then it should be set to ; domain=app.mysite.com and not to ; domain=.mysite.com, as the latter would allow other, potentially vulnerable, servers under mysite.com to receive the cookie.

Path: Verify that the Path attribute has not been set too loosely. Even if the Domain attribute has been configured securely, a path set to the root directory / leaves the cookie exposed to less secure applications on the same server. For example, if the application resides at /myapp/, then verify that the cookie's path is set to ; path=/myapp/ and not to ; path=/.
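The two checks above can be scripted. The following is an added example, not code from the guide: it parses a Set-Cookie header value and reports a Domain that is not restricted to the application's host or a Path that reaches outside the application's own prefix. The host app.mysite.com and the prefix /myapp/ are the guide's example values; the sample cookie headers, the cookie name SESSIONID and the function names are constructed for this example.

```python
# Added example (not part of the guide text): flag Set-Cookie headers whose
# Domain or Path attribute is scoped wider than the application needs.
# Host, path and header values below are constructed.

def parse_set_cookie(header):
    """Split a Set-Cookie header value into name, value and a dict of attributes.

    Attribute names are lower-cased; flag attributes (Secure, HttpOnly) map to True.
    """
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue
        key, sep, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip() if sep else True
    return {"name": name.strip(), "value": value.strip(), "attrs": attrs}


def check_cookie_scope(header, app_host, app_path):
    """Return a list of findings about overly broad Domain/Path scoping.

    app_host: the only host that should receive the cookie, e.g. "app.mysite.com"
    app_path: the URL prefix the application lives under, e.g. "/myapp/"
    An empty list means the cookie is scoped no wider than the application.
    """
    cookie = parse_set_cookie(header)
    attrs = cookie["attrs"]
    findings = []

    # Domain: a parent domain (with or without the leading dot) hands the cookie
    # to every host under it. Omitting Domain entirely is the tightest option:
    # the browser then treats the cookie as host-only (RFC 6265).
    domain = attrs.get("domain")
    if isinstance(domain, str):
        if domain.lower().lstrip(".") != app_host.lower():
            findings.append(
                f"{cookie['name']}: Domain={domain} is not restricted to {app_host}"
            )

    # Path: "/" or any prefix outside the application's own directory exposes
    # the cookie to other applications hosted on the same server.
    if not app_path.endswith("/"):
        app_path += "/"
    path = attrs.get("path")
    if not isinstance(path, str):
        # Without Path the browser derives a default from the request URL,
        # so the scope depends on where the cookie was set; review it explicitly.
        findings.append(f"{cookie['name']}: no explicit Path attribute")
    else:
        norm = path if path.endswith("/") else path + "/"
        if not norm.startswith(app_path):
            findings.append(
                f"{cookie['name']}: Path={path} is not within {app_path}"
            )
    return findings


if __name__ == "__main__":
    # Constructed sample headers mirroring the guide's example values.
    samples = [
        "SESSIONID=abc123; Path=/myapp/; Domain=app.mysite.com; Secure; HttpOnly",
        "SESSIONID=abc123; Path=/; Domain=.mysite.com; Secure; HttpOnly",
    ]
    for h in samples:
        print(h, "->", check_cookie_scope(h, "app.mysite.com", "/myapp/") or "OK")
```

Run it against the headers captured from the application under test; a cookie that is scoped narrower than the application (for example Path=/myapp/admin/) passes, since narrower scope is not the weakness being tested for here.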