Insecure cookie High

Insecure cookie settings can lead to unencrypted cookie transmission. Even if a cookie doesn't contain sensitive data now, sensitive data could be added later. It's good practice to transmit all cookies only through secure channels.

Detector ID
javascript/insecure-cookie@v1.0
Category
Common Weakness Enumeration (CWE)

Noncompliant example

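// Dependencies for the session middleware. `cookie-session` keeps the whole
// session inside a signed client-side cookie, so the cookie flags passed to
// it decide how that session can be exposed.
const cookieSession = require('cookie-session');
const express = require('express');
const app = express();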
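/**
 * Noncompliant example: registers the cookie-session middleware with
 * `httpOnly: false`. That clears the HttpOnly flag on the session cookie, so
 * client-side script in the page can read it, and a script-injection flaw
 * anywhere on the site can expose the session. The setting is kept here on
 * purpose to illustrate the finding; real code should leave `httpOnly` at
 * its default (true).
 *
 * @returns {void}
 */
function insecureCookieNoncompliant() {
  app.use(cookieSession({
    name: 'session',
    // NOTE(review): a literal signing secret belongs in configuration or a
    // secret store, not in source; it is kept here only for the example.
    secret: "secret",
    // Noncompliant: setting `httpOnly` to false makes cookie insecure.
    httpOnly: false,
  }));
}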

Compliant example

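// Dependencies for the session middleware. `cookie-session` keeps the whole
// session inside a signed client-side cookie, so the cookie flags passed to
// it decide how that session can be exposed.
const cookieSession = require('cookie-session');
const express = require('express');
const app = express();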
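/**
 * Compliant example: registers the cookie-session middleware without
 * overriding `httpOnly`, so the session cookie keeps the HttpOnly flag and
 * is not readable by client-side script.
 *
 * NOTE(review): HttpOnly only limits script access. Transmission over an
 * encrypted channel, which the page summary also calls for, is governed by
 * the separate `secure` option; when the app is served over HTTPS (directly
 * or behind a trusted proxy), set `secure: true` as well — confirm against
 * the deployment.
 *
 * @returns {void}
 */
function insecureCookieCompliant() {
  // Compliant: by default `httpOnly` is set to true and thus makes cookie secure.
  app.use(cookieSession({
    name: 'session',
    // NOTE(review): a literal signing secret belongs in configuration or a
    // secret store, not in source; it is kept here only for the example.
    secret: "secret",
  }));
}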