Security

Can Splunk Accept Cookies With Colon Embedded?

mzorzi
Splunk Employee
Splunk Employee

If I have cookies set in my domain and when I try to connect via FQDN, I get:


"400 Bad Request"

Illegal cookie name DACS:DGINET::DGI:manon


After investigating on the web, I've found the following

www.cherrypy.org/868

where it is explained that Cookies with colon are considered not compatible with RFC 2965.

Firefox and IE and other applications can accept this format, is there a way to make it working in Splunk as well?

Tags (1)
1 Solution

hexx
Splunk Employee
Splunk Employee

This matter has been evaluated by our UI dev team and I will take the liberty to post their response here :

"Fixing cherrypy to accept bad cookies would require that we stop using the standard python cookie library and write our own. The only fix is to replace cherrypy's cookie handler and write (or use) another handler. Unfortunately there isn't a quick patch to be had."

View solution in original post

zachvida
Path Finder

We had a similar issue. Not sure if the spec changed from when our cookie was made? But we apparently never noticed the issue because we were not fully qualifying the address when going to splunk login page. Meaning that our site-wide single sign on cookies where not being applied. The long term solution is to fix any cookies you might be submitting to the interface.

0 Karma

hexx
Splunk Employee
Splunk Employee

This matter has been evaluated by our UI dev team and I will take the liberty to post their response here :

"Fixing cherrypy to accept bad cookies would require that we stop using the standard python cookie library and write our own. The only fix is to replace cherrypy's cookie handler and write (or use) another handler. Unfortunately there isn't a quick patch to be had."

Get Updates on the Splunk Community!

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...

Let’s Get You Certified – Vegas-Style at .conf24

Are you ready to level up your Splunk game? Then, let’s get you certified live at .conf24 – our annual user ...