Security

How to make session cookies secure and httponly in Splunk 6.2.1?

shailesh030
Path Finder

We have splunk 6.2.1 running in our environment. As part of security review procedures, any dashboards we create need to be run through an automated security review product like hailstorm. One of the attributes it is checking for is that session cookies are secured & httponly. I do see that etc/system/default/web.conf has tools.sessions.httponly and tools.sessions.secure set to True. I assume this should have secured all session cookies, but the review tool is pointing out session cookies are not secured. Excerpt of the review report generated below

1 Vulnerable (Medium 😞 https://Hostname:port number/en-US/config?autoload=1
Message: session_id_XXXX Cookie has problem(s)
session_id_XXXX = dab6da5b7167dba10f6e88a8g725e319be90ed8c;
Host = Hostname;
Path = /
1. Cookie does not have secure attribute.

Cookie Vulnerabilities

Is there any other setting which needs to be enabled to make session cookies secure & httponly?

Tags (3)
0 Karma
1 Solution

nmistry_splunk
Splunk Employee
Splunk Employee

nmistry_splunk
Splunk Employee
Splunk Employee