Security

Illegal cookie name

kkalmbach
Path Finder

I think this is similar to http://answers.splunk.com/questions/3602/can-splunk-accept-cookies-with-colon-embedded but not exactly.

It seems that when I have a domain wide cookie set, I can never get to splunk (if I use a fully qualified domain name to access splunk).

Even if the cookie names appear valid, I still get an error from splunk. Here is one example.


400 Bad Request

Illegal cookie name AtworkEnv

Traceback (most recent call last):
  File "/opt/splunk/splunk/lib/python2.6/site-packages/cherrypy/_cprequest.py", line 581, in respond
    self.process_headers()
  File "/opt/splunk/splunk/lib/python2.6/site-packages/cherrypy/_cprequest.py", line 653, in process_headers
    raise cherrypy.HTTPError(400, msg)
HTTPError: (400, 'Illegal cookie name AtworkEnv')


The domain wide cookies are set by an app that we have no control over (and must go to daily). Also, I must use a fully qualified domain name to access splunk (we have different domains at my work).

Has anyone found a workaround for this?

Thanks

Kevin

mfeeny1
Path Finder

So, I'm gathering that the workarounds to this issue are as follows:

1) Clear cookies, and try again

or...

2) Use Firefox (which has worked for me).

Am I correct? Is there anything else I can tell my Splunk users?

thx,
mfeeny1

nicci
Engager

Just wanted to say THANK YOU for this!! I've had this illegal cookie issue for MONTHS, and so far everyone I've bothered to help me looked at me like I have two heads... Firefox WORKS!!! 🙂

splunk_zen
Builder

Any progress on handling the illegal cookies?
CherryPy just forbade me from accessing the Splunk frontend after accessing a Zabbix instance on the same server:

'Illegal cookie name cb_/zabbix/items.php_parts'

0 Karma

vbumgarn
Path Finder

Bump. This just bit me again, this time with glassfish admin cookies.

This is a problem somewhere in Cookie.py.

Anyone have a little fix? Maybe something borrowed from a newer Python? I see on the tubes that this is a problem for Google Analytics, as well, as they use cookies with colons in the name.

vbumgarner
Contributor

It looks like commenting out line 653 will stop the error from killing the request. I will make sure this is filed as a bug with CherryPy.

kkalmbach
Path Finder

This does not seem to work reliably.
The Cookie.py stops processing (and raises the error) when it hits the first error.
So if the "Cookie" header contains:
good=value; b:ad=value
Things are fine with that line commented out.
If the value of "Cookie" is:
b:ad=value; good=value
Then Cookie.py stops processing and the good=value is never read in.
I think we need to comment out the raise in Cookie.py

0 Karma
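
The ordering problem described in the post above, as an added example that is not part of the original thread and is not Splunk, CherryPy or Cookie.py code: a minimal Python 3 Cookie-header parser that checks names against the RFC 2616 token character set, once failing at the first illegal name and once skipping it. All function and class names here are hypothetical.

```python
import string

# RFC 2616 "token" characters, the grammar cookie names are defined by.
# ':' and '/' are separators and therefore not in this set.
TOKEN_CHARS = frozenset(string.ascii_letters + string.digits + "!#$%&'*+-.^_`|~")


class IllegalCookieName(ValueError):
    pass


def _pairs(header):
    """Yield (name, value) for each 'name=value' item in a Cookie header."""
    for item in header.split(";"):
        item = item.strip()
        if not item:
            continue
        name, _, value = item.partition("=")
        yield name.strip(), value.strip().strip('"')


def is_legal_name(name):
    return bool(name) and all(ch in TOKEN_CHARS for ch in name)


def parse_fail_fast(header, jar):
    """Model of the behaviour described in the thread: fill `jar` in order and
    raise at the first illegal name, so later cookies are never read."""
    for name, value in _pairs(header):
        if not is_legal_name(name):
            raise IllegalCookieName(name)
        jar[name] = value


def parse_tolerant(header):
    """Skip illegal names instead of aborting; return (cookies, rejected)
    so the rejected names can be logged rather than failing the request."""
    cookies, rejected = {}, []
    for name, value in _pairs(header):
        if is_legal_name(name):
            cookies[name] = value
        else:
            rejected.append(name)
    return cookies, rejected


def demo(header):
    """Return (what fail-fast parsing kept, what tolerant parsing kept)."""
    jar = {}
    try:
        parse_fail_fast(header, jar)
    except IllegalCookieName:
        pass  # equivalent to swallowing the error in the caller
    return jar, parse_tolerant(header)[0]
```

Calling `demo()` on the two header orderings from the post shows that swallowing the error in the caller only helps when the illegal name comes last, while the tolerant parser keeps `good` in both cases.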

kkalmbach
Path Finder

Looking at it closer, it appears there are 2 issues:

  • The first is that splunk fails with cookie names with colons in them (like the referenced issue)

  • The second is that splunk is reporting the wrong cookie name when complaining about a cookie

Not sure what we are going to do, but it would be best if splunk could handle the illegal cookie names.

0 Karma