Security

How to make session cookies secure and httponly in Splunk 6.2.1?

shailesh030
Path Finder

We have splunk 6.2.1 running in our environment. As part of security review procedures, any dashboards we create need to be run through an automated security review product like hailstorm. One of the attributes it is checking for is that session cookies are secured & httponly. I do see that etc/system/default/web.conf has tools.sessions.httponly and tools.sessions.secure set to True. I assume this should have secured all session cookies, but the review tool is pointing out session cookies are not secured. Excerpt of the review report generated below

1 Vulnerable (Medium 😞 https://Hostname:port number/en-US/config?autoload=1
Message: session_id_XXXX Cookie has problem(s)
session_id_XXXX = dab6da5b7167dba10f6e88a8g725e319be90ed8c;
Host = Hostname;
Path = /
1. Cookie does not have secure attribute.

Cookie Vulnerabilities

Is there any other setting which needs to be enabled to make session cookies secure & httponly?

Tags (3)
0 Karma
1 Solution

nmistry_splunk
Splunk Employee
Splunk Employee

nmistry_splunk
Splunk Employee
Splunk Employee

This is fixed in 6.2.3

Get Updates on the Splunk Community!

Prove Your Splunk Prowess at .conf25—No Prereqs Required!

Your Next Big Security Credential: No Prerequisites Needed We know you’ve got the skills, and now, earning the ...

Splunk Observability Cloud's AI Assistant in Action Series: Observability as Code

This is the sixth post in the Splunk Observability Cloud’s AI Assistant in Action series that digs into how to ...

Splunk Answers Content Calendar, July Edition I

Hello Community! Welcome to another month of Community Content Calendar series! For the month of July, we will ...