ISC2 Certified Secure Software Lifecycle Professional (CSSLP) Practice Question
An e-commerce web application stores a 256-bit random session ID in a cookie that is marked Secure and HttpOnly, but the developer explicitly sets the cookie's SameSite attribute to None. What risk still exists because of this configuration choice?
Session fixation because the token value can be reused by another client
Cross-site request forgery that leverages the user's authenticated session
Clickjacking attacks through hidden iframes
Man-in-the-middle interception of the session token over the network
Setting SameSite to None instructs the browser to include the session cookie with every cross-origin request. A malicious site can therefore trick a logged-in shopper's browser into sending forged GET or POST requests to the e-commerce domain, performing actions under the user's active session-classic cross-site request forgery (CSRF). Using SameSite=Lax or Strict would stop this. The other options are unrelated: a strong, randomly generated token mitigates session fixation; clickjacking is addressed by framing controls such as X-Frame-Options; the Secure flag already protects the cookie from network interception.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is the SameSite cookie attribute, and why is it important?
Open an interactive chat with Bash
How does Cross-Site Request Forgery (CSRF) work?
Open an interactive chat with Bash
What does the HttpOnly and Secure cookie flag do?
Open an interactive chat with Bash
What is the SameSite cookie attribute and its significance in security?
Open an interactive chat with Bash
How does the Secure flag protect cookies from interception?
Open an interactive chat with Bash
What is the HttpOnly flag and how does it help prevent attacks?
Open an interactive chat with Bash
ISC2 Certified Secure Software Lifecycle Professional (CSSLP)
Secure Software Implementation
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99
$19.99/mo
Billed monthly, Cancel any time.
3 Month Pass
$44.99
$14.99/mo
One time purchase of $44.99, Does not auto-renew.
MOST POPULAR
Annual Pass
$119.99
$9.99/mo
One time purchase of $119.99, Does not auto-renew.
BEST DEAL
Lifetime Pass
$189.99
One time purchase, Good for life.
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .