Usage of default cookie configuration

Rule ID: javascript_express_default_cookie_config
Languages: javascript
Source: <a class="text-main dark:text-main-300 hover:underline" href="https://github.com/bearer/bearer-rules/blob/main/rules/javascript/express/default_cookie_config.yml">default_cookie_config.yml

Description

To make sure cookies don't open your application up to exploits or unauthorized access, don't use default cookie values.

✅ Instead of the default cookie name, use generic names.

✅ Always set a maxAge or expires value

To skip this rule during a scan, use the following flag

bearer scan /path/to/your-project/ --skip-rule=javascript_express_default_cookie_config

To run only this rule during a scan, use the following flag

bearer scan /path/to/your-project/ --only-rule=javascript_express_default_cookie_config