From 1315ad00766a190bc4495f605981ade74645d6bd Mon Sep 17 00:00:00 2001
From: "nightvision-pr-creator[bot]"
Date: Mon, 2 Feb 2026 15:14:26 +0000
Subject: [PATCH] fix: Security remediation for Sensitive cookie missing HttpOnly/Secure flags

---
 src/main/java/hawk/controller/LoginController.java | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/src/main/java/hawk/controller/LoginController.java b/src/main/java/hawk/controller/LoginController.java
index f6f329c..af734e7 100644
--- a/src/main/java/hawk/controller/LoginController.java
+++ b/src/main/java/hawk/controller/LoginController.java
@@ -54,7 +54,10 @@ public String loginCode(HttpServletRequest req, HttpServletResponse resp, Model
 String sessId = req.getSession().getId();
 String cookieCode = UUID.randomUUID().toString();
 loginCodes.put("cookie-" + sessId, cookieCode);
- resp.addCookie(new Cookie("XLOGINID", cookieCode));
+ Cookie cookie = new Cookie("XLOGINID", cookieCode);
+ cookie.setHttpOnly(true);
+ cookie.setSecure(true);
+ resp.addCookie(cookie);
 return "redirect:/login-form-multi";
 }
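Review bot: The new XLOGINID cookie gets HttpOnly and Secure but no SameSite attribute, so a cross-site request can still carry it; whether that matters depends on how the later login step consumes the code, which is outside this hunk. If the servlet API in use exposes it (Servlet 6's `cookie.setAttribute("SameSite", "Strict");`) or the container can set it globally, set it alongside the other two flags. `setSecure(true)` is enforced by the browser, so in any environment served over plain HTTP the cookie is never sent back and the multi-step login would fail without an obvious error; if such environments exist, source the flag from configuration rather than hard-coding `true`, and document that choice in a comment above the `new Cookie` line. Because the stored code is keyed by `sessId`, the container's session cookie should be confirmed to carry the same two flags, or this change protects only half of the pair. The body of loginCode starts before the hunk; only its signature is visible in the `@@` context.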