OpenStack Horizon - SESSION_COOKIE_SECURE parameter set to True

Information

The 'SECURE' cookie attribute instructs web browsers to only send the cookie through an encrypted HTTPS (SSL/TLS) connection. This session protection mechanism is mandatory to prevent the disclosure of the session ID through MitM (Man-in-the-Middle) attacks. It ensures that an attacker cannot simply capture the session ID from web browser traffic.

Solution

Set the value of the SESSION_COOKIE_SECURE parameter in /etc/openstack-dashboard/local_settings.py to True.
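One way to verify the setting without importing the dashboard configuration is shown below. It is an added example, not part of the original audit item or of OpenStack. The function name audit_settings and the sample inputs are assumptions made for illustration. Parsing the file as Python means a commented-out line or a later override is not mistaken for a pass, which a plain text search can get wrong.

```python
import ast
import sys

SETTING = "SESSION_COOKIE_SECURE"
DEFAULT_PATH = "/etc/openstack-dashboard/local_settings.py"

def audit_settings(source, name=SETTING):
    """Return (compliant, reason) for the text of a Django-style settings file.

    Only top-level assignments are examined (assignments nested inside
    if/try blocks are ignored). The last assignment wins, as it does when
    Python executes the file. Only the boolean True passes.
    """
    verdict = (False, f"{name} is not set; Django's default is False")
    for node in ast.parse(source).body:
        if not isinstance(node, ast.Assign):
            continue
        if not any(isinstance(t, ast.Name) and t.id == name for t in node.targets):
            continue
        try:
            value = ast.literal_eval(node.value)
        except ValueError:
            # e.g. a function call or variable reference: cannot be decided statically
            verdict = (False, f"line {node.lineno}: value is computed at runtime, review manually")
            continue
        if value is True:
            verdict = (True, f"line {node.lineno}: {name} = True")
        else:
            verdict = (False, f"line {node.lineno}: {name} = {value!r}")
    return verdict

# Constructed sample inputs (not taken from a real deployment).
SAMPLES = {
    "good": "DEBUG = False\nSESSION_COOKIE_SECURE = True\n",
    "commented": "DEBUG = False\n#SESSION_COOKIE_SECURE = True\n",
    "overridden": "SESSION_COOKIE_SECURE = True\nSESSION_COOKIE_SECURE = False\n",
    "dynamic": "import os\nSESSION_COOKIE_SECURE = os.environ.get('X')\n",
}

if __name__ == "__main__":
    path = sys.argv[1] if len(sys.argv) > 1 else DEFAULT_PATH
    with open(path, encoding="utf-8") as fh:
        ok, reason = audit_settings(fh.read())
    print(("PASS: " if ok else "FAIL: ") + reason)
    sys.exit(0 if ok else 1)
```
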

See Also

http://docs.openstack.org/security-guide/dashboard/checklist.html

Item Details

Category: SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|SC-23

Plugin: Unix

Control ID: 7a890dff66b81f0eb9cd453beefad704e9d731762c4d7af6bc5f78691a0df404