
Can Splunk Accept Cookies With Colon Embedded?

mzorzi
Splunk Employee

If I have cookies set in my domain and I try to connect via FQDN, I get:


"400 Bad Request"

Illegal cookie name DACS:DGINET::DGI:manon


After investigating on the web, I've found the following

www.cherrypy.org/868

where it is explained that cookies with a colon are considered not compatible with RFC 2965.

Firefox and IE and other applications can accept this format. Is there a way to make it work in Splunk as well?


hexx
Splunk Employee

This matter has been evaluated by our UI dev team and I will take the liberty to post their response here:

"Fixing cherrypy to accept bad cookies would require that we stop using the standard python cookie library and write our own. The only fix is to replace cherrypy's cookie handler and write (or use) another handler. Unfortunately there isn't a quick patch to be had."


zachvida
Path Finder

We had a similar issue. Not sure if the spec changed from when our cookie was made? But we apparently never noticed the issue because we were not fully qualifying the address when going to the Splunk login page, meaning that our site-wide single sign-on cookies were not being applied. The long-term solution is to fix any cookies you might be submitting to the interface.

0 Karma
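
The long-term fix described above is to correct the cookies being sent to the interface. As an added example (not part of the original thread, and not Splunk or CherryPy code), the following Python audits a `Cookie` request header and reports every cookie name that is not a valid HTTP token, along with the offending characters. It assumes the token rule from RFC 2616 section 2.2, where `:` is a separator; the exact character set a given cookie library enforces may differ, and the function names are hypothetical.

```python
# HTTP "token" characters (RFC 2616 section 2.2): visible ASCII (33..126)
# minus the separator characters. Control characters, space and tab are
# excluded by the range itself.
SEPARATORS = set('()<>@,;:\\"/[]?={} \t')
TOKEN_CHARS = {chr(c) for c in range(33, 127)} - SEPARATORS


def illegal_chars(name):
    """Return the sorted list of characters that make `name` a non-token."""
    return sorted(set(name) - TOKEN_CHARS)


def audit_cookie_header(header):
    """Split a Cookie request header and report names that are not tokens.

    Returns a list of (name, [offending characters]) tuples, one per bad
    cookie name, in the order they appear in the header.
    """
    findings = []
    for pair in header.split(";"):
        pair = pair.strip()
        if not pair:
            continue
        # Only the first "=" separates name from value; values may contain "=".
        name, _, _value = pair.partition("=")
        name = name.strip()
        bad = illegal_chars(name)
        if not name or bad:
            findings.append((name, bad))
    return findings


# Constructed sample header: the colon-bearing name is the one from the error
# message in the question; the other names and all values are made up.
SAMPLE = "session_id=abc123; DACS:DGINET::DGI:manon=opaque; theme=dark"

if __name__ == "__main__":
    for name, bad in audit_cookie_header(SAMPLE):
        print(f"non-token cookie name {name!r}: illegal characters {bad}")
```

Running the audit against headers captured from a fully qualified request shows which domain-wide cookies need to be renamed at the application that issues them.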
