Unlock a world of possibilities! Login now and discover the exclusive benefits awaiting you.
Jul 15, 2021 7:15:10 AM
May 15, 2020 5:04:46 AM
Qlik Sense session cookie does not have the Secure flag enabled. This may be reported as a potential vulnerability by security and penetration test tools.
For example browser Dev Tools can be used to confirm session cookie settings:
Environment:
Qlik Sense Enterprise on Windows
Resolution:
Qlik Sense Enterprise for Windows allows for secure HTTPS communication, including secure session cookies.
Qlik Sense Enterprise on Windows April 2020 and later
- Cookie settings are configurable under Qlik Sense virtual proxy settings
- See Qlik Sense Help: Virtual Proxy Configuration for more details
Qlik Sense Enterprise on Windows February 2020 and later
- Qlik Sense Proxy session cookie settings are configurable through SessionCookieSettings settings in Proxy.exe.config file the releases listed above.
- See Missing SameSite attribute blocks requests in Chrome 80 and later - Too many sessions in parallel for more details on configuration.
For deployments with reverse proxy between the client browser and Qlik Sense server, please validate that the reverse proxy also applies requires security attributes.
