Sensitive data stored in a cookie detected.

  • Rule ID: ruby_lang_cookies
  • Languages: ruby
  • Source: cookies.yml


Storing sensitive data in cookies can lead to a data breach. This rule looks for instances where sensitive data is stored in browser cookies.


❌ Avoid storing sensitive data in unencrypted cookies messages:

cookies[:user_email] = ""

✅ To ensure cookie data stays safe, use encrypted cookies:

cookies.encrypted[:user_email] = ""


Associated CWE

OWASP Top 10