Security

Can Splunk Accept Cookies With Colon Embedded?

mzorzi
Splunk Employee
Splunk Employee

If I have cookies set in my domain and when I try to connect via FQDN, I get:


"400 Bad Request"

Illegal cookie name DACS:DGINET::DGI:manon


After investigating on the web, I've found the following

www.cherrypy.org/868

where it is explained that Cookies with colon are considered not compatible with RFC 2965.

Firefox and IE and other applications can accept this format, is there a way to make it working in Splunk as well?

Tags (1)
1 Solution

hexx
Splunk Employee
Splunk Employee

This matter has been evaluated by our UI dev team and I will take the liberty to post their response here :

"Fixing cherrypy to accept bad cookies would require that we stop using the standard python cookie library and write our own. The only fix is to replace cherrypy's cookie handler and write (or use) another handler. Unfortunately there isn't a quick patch to be had."

View solution in original post

zachvida
Path Finder

We had a similar issue. Not sure if the spec changed from when our cookie was made? But we apparently never noticed the issue because we were not fully qualifying the address when going to splunk login page. Meaning that our site-wide single sign on cookies where not being applied. The long term solution is to fix any cookies you might be submitting to the interface.

0 Karma

hexx
Splunk Employee
Splunk Employee

This matter has been evaluated by our UI dev team and I will take the liberty to post their response here :

"Fixing cherrypy to accept bad cookies would require that we stop using the standard python cookie library and write our own. The only fix is to replace cherrypy's cookie handler and write (or use) another handler. Unfortunately there isn't a quick patch to be had."

Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Quick connection discovery mode for forwarders

When a Splunk forwarder loses connectivity to its indexers, it does not always reconnect immediately. In many ...

Build and Launch AI Agents from Your Splunk Workflows

  Register We’ve all been there: juggling alerts, runbooks, and endless manual searches. What if you could ...

Splunk Cloud Application Management in Terraform

Register   On Tuesday, August 4 at 11AM PDT / 2PM EDT, we’re diving into how you can bring Infrastructure as ...