Splunk Enterprise Security
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Cookie login - Secure set to true and httponly

DanielSp
Explorer
‎09-18-2020 03:59 AM

Hello,

Do you know how I can put HttpOnly and Secure to true in cookie login?

Security team request It to me.

DanielSp_0-1600426505817.png

It happens in splunk local account login

I have web.conf correctly to true in httponly and set to secure

Thanks a lot¡¡

Regards

Daniel

Labels (2)
Reply

inventsekar
SplunkTrust
SplunkTrust
‎09-18-2020 05:07 AM

web.conf:

tools.sessions.httponly = [True | False]
    * If set to True then the session cookie will be made unavailable
      to running javascript scripts, increasing session security
    * Defaults to True

tools.sessions.secure = [True | False]
    * If set to True and Splunkweb is configured to server requests using HTTPS
      (see the enableSplunkWebSSL setting) then the browser will only transmit
      the session cookie over HTTPS connections, increasing session security
      * Defaults to True

 

Can you copy paste your web.conf here please(after removing/editing/hiding the values related to your splunk environment, like hostname, etc) 

thanks and best regards,
Sekar

PS - If this or any post helped you in any way, pls consider upvoting, thanks for reading !
0 Karma
Reply

DanielSp
Explorer
‎09-21-2020 12:32 AM

Hello,

I have not this file in my local web.conf and It appears in web.conf from /opt/splunk/etc/system/default

...


# user session configuration
# You really don't want to turn this off
tools.sessions.on = True
tools.sessions.timeout = 60

# Set to False to expire the session cookie when the browser exits
tools.sessions.restart_persist = True

# Set to False to allow the session cookie to be read by javascript
tools.sessions.httponly = True

# Set to False to allow the session cookie to be accessible to insecure pages
tools.sessions.secure = True

# Set to True to force cookie secure flag when splunkweb is behind proxy server
tools.sessions.forceSecure = False

...

As you can see It already appears by default

Thanks¡

Regards

Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey
Register for .conf25!
Get Updates on the Splunk Community!

Observe and Secure All Apps with Splunk

 Join Us for Our Next Tech Talk: Observe and Secure All Apps with SplunkAs organizations continue to innovate ...

What's New in Splunk Observability - August 2025

What's New We are excited to announce the latest enhancements to Splunk Observability Cloud as well as what is ...

Introduction to Splunk AI

How are you using AI in Splunk? Whether you see AI as a threat or opportunity, AI is here to stay. Lucky for ...