Splunk Enterprise Security

Cookie login - Secure set to true and httponly



Do you know how I can put HttpOnly and Secure to true in cookie login?

Security team request It to me.


It happens in splunk local account login

I have web.conf correctly to true in httponly and set to secure

Thanks a lot¡¡



Labels (2)

Super Champion


tools.sessions.httponly = [True | False]
    * If set to True then the session cookie will be made unavailable
      to running javascript scripts, increasing session security
    * Defaults to True

tools.sessions.secure = [True | False]
    * If set to True and Splunkweb is configured to server requests using HTTPS
      (see the enableSplunkWebSSL setting) then the browser will only transmit
      the session cookie over HTTPS connections, increasing session security
      * Defaults to True


Can you copy paste your web.conf here please(after removing/editing/hiding the values related to your splunk environment, like hostname, etc) 

0 Karma



I have not this file in my local web.conf and It appears in web.conf from /opt/splunk/etc/system/default


# user session configuration
# You really don't want to turn this off
tools.sessions.on = True
tools.sessions.timeout = 60

# Set to False to expire the session cookie when the browser exits
tools.sessions.restart_persist = True

# Set to False to allow the session cookie to be read by javascript
tools.sessions.httponly = True

# Set to False to allow the session cookie to be accessible to insecure pages
tools.sessions.secure = True

# Set to True to force cookie secure flag when splunkweb is behind proxy server
tools.sessions.forceSecure = False


As you can see It already appears by default



State of Splunk Careers

Access the Splunk Careers Report to see real data that shows how Splunk mastery increases your value and job satisfaction.

Find out what your skills are worth!