Security

Can Splunk Accept Cookies With Colon Embedded?

mzorzi
Splunk Employee
Splunk Employee

If I have cookies set in my domain and when I try to connect via FQDN, I get:


"400 Bad Request"

Illegal cookie name DACS:DGINET::DGI:manon


After investigating on the web, I've found the following

www.cherrypy.org/868

where it is explained that Cookies with colon are considered not compatible with RFC 2965.

Firefox and IE and other applications can accept this format, is there a way to make it working in Splunk as well?

Tags (1)
1 Solution

hexx
Splunk Employee
Splunk Employee

This matter has been evaluated by our UI dev team and I will take the liberty to post their response here :

"Fixing cherrypy to accept bad cookies would require that we stop using the standard python cookie library and write our own. The only fix is to replace cherrypy's cookie handler and write (or use) another handler. Unfortunately there isn't a quick patch to be had."

View solution in original post

zachvida
Path Finder

We had a similar issue. Not sure if the spec changed from when our cookie was made? But we apparently never noticed the issue because we were not fully qualifying the address when going to splunk login page. Meaning that our site-wide single sign on cookies where not being applied. The long term solution is to fix any cookies you might be submitting to the interface.

0 Karma

hexx
Splunk Employee
Splunk Employee

This matter has been evaluated by our UI dev team and I will take the liberty to post their response here :

"Fixing cherrypy to accept bad cookies would require that we stop using the standard python cookie library and write our own. The only fix is to replace cherrypy's cookie handler and write (or use) another handler. Unfortunately there isn't a quick patch to be had."

Get Updates on the Splunk Community!

Fall Into Learning with New Splunk Education Courses

Every month, Splunk Education releases new courses to help you branch out, strengthen your data science roots, ...

Super Optimize your Splunk Stats Searches: Unlocking the Power of tstats, TERM, and ...

By Martin Hettervik, Senior Consultant and Team Leader at Accelerate at Iver, Splunk MVPThe stats command is ...

How Splunk Observability Cloud Prevented a Major Payment Crisis in Minutes

Your bank's payment processing system is humming along during a busy afternoon, handling millions in hourly ...