We have splunk 6.2.1 running in our environment. As part of security review procedures, any dashboards we create need to be run through an automated security review product like hailstorm. One of the attributes it is checking for is that session cookies are secured & httponly. I do see that etc/system/default/web.conf has tools.sessions.httponly and tools.sessions.secure set to True. I assume this should have secured all session cookies, but the review tool is pointing out session cookies are not secured. Excerpt of the review report generated below

shailesh030 · ‎09-09-2015

We have splunk 6.2.1 running in our environment. As part of security review procedures, any dashboards we create need to be run through an automated security review product like hailstorm. One of the attributes it is checking for is that session cookies are secured & httponly. I do see that etc/system/default/web.conf has tools.sessions.httponly and tools.sessions.secure set to True. I assume this should have secured all session cookies, but the review tool is pointing out session cookies are not secured. Excerpt of the review report generated below

1 Vulnerable (Medium 😞 https://Hostname:port number/en-US/config?autoload=1
Message: session_id_XXXX Cookie has problem(s)
session_id_XXXX = dab6da5b7167dba10f6e88a8g725e319be90ed8c;
Host = Hostname;
Path = /
1. Cookie does not have secure attribute.

Cookie Vulnerabilities

Is there any other setting which needs to be enabled to make session cookies secure & httponly?

nmistry_splunk · ‎09-09-2015

This is fixed in 6.2.3

View solution in original post

nmistry_splunk · ‎09-09-2015

This is fixed in 6.2.3

How to make session cookies secure and httponly in Splunk 6.2.1?

Cookie Vulnerabilities

Get Schooled with Splunk Education: Explore Our Latest Courses

Splunk AI Assistant for SPL | Key Use Cases to Unlock the Power of SPL

Buttercup Games: Further Dashboarding Techniques (Part 5)