How to modify the expiry of splunkweb_csrf_token_443?

sarvesh_11
Communicator

Hey Splunkers,
Our security team executed Micro Focus Vulnerability on one of our Splunk applications. We are stuck at resolving one of those vulnerabilities.
Please have a look at the content below:

Request:
GET /en-US/splunkd/_raw/services/dmc-conf/settings/settings?output_mode=json&=1580502716111 HTTP/1.1
Host: splunkhost.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:30.0) Gecko/20100101 Firefox/30.0
Accept: text/javascript, text/html, application/xml, text/xml, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Referer: https://splunkhost.com/en-US/app/launcher/home
Pragma: no-cache
Cookie: session_id_443=2d27370ac5f16e9354644d57ce1c121f9d040047; splunkweb_uid=26C23B88-147C-4748-9114-30F3DA995665; splunkd_443=QBb1wG72NPI89_yHW24v6Znjs^NKV70YtHeEUnJXKhFeTcfUoF^IRd982b1S6JURGd4nTrC3g5TU_wxK4TlbljBml0SMmU6hebQlBvIKhXoNhUWlce4KBYA27aCa7NQ7mvo70LGO; splunkweb_csrf_token_443=17486043298053400227; login=true;CustomCookie=WebInspect156349ZX667F65AD929D4167B5A374A3F6AA6A51Y86EE
Connection: keep-alive
X-WIPP: AscVersion=X.X.X.X
X-Scan-Memo: SID="AA07BC3BA2A5D3254DB3183B066094A4"; SessionType="StartMacro"; CrawlType="None";
X-RequestManager-Memo: sid="1429"; smi="0"; Category="EventMacro.StartMacro"; MacroName="APP+360+Test.webmacro";
X-Request-Memo: ID="e95a1883-d78b-4fba-bcad-d72f4a691c71"; tid="295";

Response:

HTTP/1.1 404 Not Found
Date: Fri, 31 Jan 2020 20:31:56 GMT
Expires: Thu, 26 Oct 1978 00:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Content-Type: application/json; charset=UTF-8
X-Content-Type-Options: nosniff
Content-Length: 50
Vary: Cookie
Connection: Keep-Alive
Set-Cookie: splunkd_443=QBb1wG72NPI89_yHW24v6Znjs^NKV70YtHeEUnJXKhFeTcfUoF^IRd982b1S6JURGd4nTrC3g5TU_wxK4TlbljBml0SMmU6hebQlBvIKhXoNhUWlce4KBYA27aCa7NQ7mvo70LGO; Path=/; Secure; HttpOnly; Max-Age=3600; Expires=Fri, 31 Jan 2020 21:31:56 GMT
Set-Cookie: splunkweb_csrf_token_443=17486043298053400227; Path=/; Secure; Max-Age=157680000; Expires=Wed, 29 Jan 2025 20:31:56 GMT
X-Frame-Options: SAMEORIGIN
Server: Splunkd
...TRUNCATED...

We are using Splunk Enterprise 7.2

0 Karma

williaml_splunk
Splunk Employee

Please set this parameter to false in web.conf:

tools.sessions.restart_persist = <boolean>
* Whether or not the session cookie is deleted from the browser when the
  browser quits.
* If set to "false", then the session cookie is deleted from the browser
  upon the browser quitting.
* If set to "true", then sessions persist across browser restarts, assuming
  the 'tools.sessions.timeout' has not been reached.
* Default: true

 

0 Karma
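
One way to compare a captured response before and after a web.conf change, as an added example that is not part of the original thread or Splunk's own code: the script parses Set-Cookie headers and reports each cookie's lifetime and flags. The sample input is constructed from the two Set-Cookie headers in the question (with the splunkd_443 value replaced by a placeholder); the 8-hour threshold and the function names are assumptions.

```python
# Constructed sample: the two Set-Cookie headers from the response in the
# question, with the splunkd_443 value replaced by a placeholder.
SAMPLE_HEADERS = [
    "Set-Cookie: splunkd_443=PLACEHOLDER; Path=/; Secure; HttpOnly; "
    "Max-Age=3600; Expires=Fri, 31 Jan 2020 21:31:56 GMT",
    "Set-Cookie: splunkweb_csrf_token_443=17486043298053400227; Path=/; "
    "Secure; Max-Age=157680000; Expires=Wed, 29 Jan 2025 20:31:56 GMT",
]

MAX_LIFETIME = 8 * 3600  # assumed policy threshold (seconds), not a Splunk default


def parse_set_cookie(header):
    """Split one Set-Cookie header into (cookie name, lower-cased attributes)."""
    value = header.split(":", 1)[1].strip()
    parts = [p.strip() for p in value.split(";") if p.strip()]
    name = parts[0].split("=", 1)[0]
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name, attrs


def audit(headers, max_lifetime=MAX_LIFETIME):
    """Return one report dict per cookie; too_long marks Max-Age over the threshold."""
    report = []
    for header in headers:
        name, attrs = parse_set_cookie(header)
        raw = attrs.get("max-age", "")
        max_age = int(raw) if raw.isdigit() else None
        report.append({
            "name": name,
            "max_age": max_age,
            # Neither Max-Age nor Expires: the browser drops the cookie on exit.
            "session_only": "max-age" not in attrs and "expires" not in attrs,
            "too_long": max_age is not None and max_age > max_lifetime,
            "secure": "secure" in attrs,
            "httponly": "httponly" in attrs,
        })
    return report


if __name__ == "__main__":
    for row in audit(SAMPLE_HEADERS):
        age = "-" if row["max_age"] is None else f"{row['max_age'] / 86400:.1f}d"
        print(f"{row['name']:26} lifetime={age:>8} too_long={row['too_long']} "
              f"secure={row['secure']} httponly={row['httponly']}")
```

On the sample, the splunkweb_csrf_token_443 cookie is reported with a lifetime of 1825.0 days, which is the Max-Age=157680000 value the scanner response shows.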