CookieSentry

CookieSentry is a web app (with a lightweight browser extension) that continuously audits a production web app's session and auth cookies for real-world misconfigurations. It detects missing HttpOnly, Secure, or SameSite attributes, overly broad Domain/Path scopes, risky expiration policies, inconsistent cookie rotation, and session fixation patterns across login/logout flows. It also simulates common edge cases (cross-site redirects, subdomain takeovers, mixed-content pages, and third-party embeds) to surface where cookies leak or become usable in unintended contexts. Unlike generic scanners that dump noisy findings, CookieSentry focuses on a narrow, high-impact surface area and produces developer-ready fixes with framework-specific guidance (Express, Rails, Django, Spring). It integrates with CI to block releases when cookie regressions appear, and it provides a simple dashboard so security and engineering can track remediation over time.