Splunk Enterprise Security

Cookie login - Secure set to true and httponly

Explorer

Hello,

Do you know how I can put HttpOnly and Secure to true in cookie login?

Security team request It to me.

DanielSp_0-1600426505817.png

It happens in splunk local account login

I have web.conf correctly to true in httponly and set to secure

Thanks a lot¡¡

Regards

Daniel

Labels (2)

Super Champion

web.conf:

tools.sessions.httponly = [True | False]
    * If set to True then the session cookie will be made unavailable
      to running javascript scripts, increasing session security
    * Defaults to True

tools.sessions.secure = [True | False]
    * If set to True and Splunkweb is configured to server requests using HTTPS
      (see the enableSplunkWebSSL setting) then the browser will only transmit
      the session cookie over HTTPS connections, increasing session security
      * Defaults to True

 

Can you copy paste your web.conf here please(after removing/editing/hiding the values related to your splunk environment, like hostname, etc) 

0 Karma

Explorer

Hello,

I have not this file in my local web.conf and It appears in web.conf from /opt/splunk/etc/system/default

...


# user session configuration
# You really don't want to turn this off
tools.sessions.on = True
tools.sessions.timeout = 60

# Set to False to expire the session cookie when the browser exits
tools.sessions.restart_persist = True

# Set to False to allow the session cookie to be read by javascript
tools.sessions.httponly = True

# Set to False to allow the session cookie to be accessible to insecure pages
tools.sessions.secure = True

# Set to True to force cookie secure flag when splunkweb is behind proxy server
tools.sessions.forceSecure = False

...

As you can see It already appears by default

Thanks¡

Regards

State of Splunk Careers

Access the Splunk Careers Report to see real data that shows how Splunk mastery increases your value and job satisfaction.

Find out what your skills are worth!