Avoid permissive Express session cookie scope | Critiq Docs

#Metadata

Rule ID: ts.security.express-permissive-cookie-config
Severity: medium
Confidence: 0.89
Languages: javascript, typescript
Presets: security, strict
Stability: stable
Applies to: block
Tags: authentication, cookies, express, rules-catalog, security

#Why it matters

Broad cookie scope increases where session cookies are sent and makes cross-site misuse harder to contain.

#Remediation

Prefer exact cookie domains and `SameSite=Lax` or `Strict` unless a reviewed cross-site requirement exists.

#Repository path

The generated metadata points to critiq-rules/libs/rules/catalog/rules/typescript/ts.security.express-permissive-cookie-config.rule.yaml.

Back to registry Open rule in repository