Review MSAL Java samples to identify and fix insecure practices #911

Open
@Avery-Dunn

Description

Recent CodeQL scans found an issue in a file in the msal4j-sdk samples folder: #899

The samples here in the MSAL Java repository are simpler versions of our actual samples and are just meant to help developers manually test different flows, and since they aren't part of any released package the warnings were suppressed.

However, this flagged code also exists in the real sample: https://github.com/Azure-Samples/ms-identity-msal-java-samples/blob/32f2740e43b88d9251d265f81c2d9e9d5b83ca45/1-server-side/msal-b2c-web-sample/src/main/java/com/microsoft/azure/msalwebsample/CookieHelper.java#L30

The real samples should always demonstrate best practices for security, MSAL, Azure, etc., and there are likely more issues like this where the convenience of writing the sample and teaching the main topic was prioritized over teaching secure behavior in general.

Metadata

Assignees: No one assigned

Labels:

- Fundamentals: For issues focused on Java best practices, industry standards, etc.
- Samples: For issues or enhancements related to our samples
