×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
VanderbekenRaou
New Member
Member since: ‎06-12-2017
‎06-05-2020
Community Statistics
Posts 1
Solutions 0
Karma Given 0
Karma Received 0
Member Since ‎06-12-2017
Activity Feed
View All

Not all Splunk cookies have the HttpOnly tag set

by in Splunk Dev
‎07-20-2017 01:00 AM
‎07-20-2017 01:00 AM
In the web.conf file we have following positioned: tools.sessions.httponly = True tools.sessions.secure = True In the server.conf we have: allowCookieAuth = true cookieAuthHttpOnly = true cookieAuthSecure = true When looking Chrome some cooking have the HttpOnly set others don't: Name: cval Domain: splunk-dev.be.intranet Path: /en-GB/account/ Send for: Secure connections only Accessible to script: Yes Name: session_id_8000 Domain: splunk-dev.be.intranet Path: / Send for: Secure connections only Accessible to script: No (HttpOnly) Name: splunkd_8000 Domain: splunk-dev.be.intranet Path: / Send for: Secure connections only Accessible to script: No (HttpOnly) Name: splunkweb_csrf_token_8000 Domain: splunk-dev.be.intranet Path: / Send for: Secure connections only Accessible to script: Yes Name: splunkweb_uid Domain: splunk-dev.be.intranet Path: /en-GB/account Send for: Secure connections only Accessible to script: Yes What needs to be done to enfore HttpOnly for all cookies ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎06-05-2020 02:03 AM