CloudShark Support

Best Practices for Cookies in CloudShark

CloudShark 3.2 introduced much-needed Administrator controls over the default cookie settings used to log users into the web application. This guide covers the available options and how to configure them.

Configuration

We discovered during development that it was very easy to lock yourself and everybody else out of CloudShark. For that reason, we decided to make these options only accessible to the Administrator via SSH console access.

Config File

All options are configured in the YAML config file located on the server at /var/www/cloudshark/shared/config/cloudshark.conf. This file is loaded when CloudShark starts up, so for changes to take effect the CloudShark service must be restarted by running (as root):

service cloudshark restart

Verify that your changes still allow you to log in to CloudShark before disconnecting from the SSH session. If you continue to have any issues logging in to CloudShark, please contact support@cloudshark.org for help.

Available Settings

The duration of a login session is controlled by the configuration variable named session_lifetime_seconds. This is an integer value in seconds. If this value is set to 0 (zero), the cookie is set as a “session cookie”, which will expire immediately when the user closes their browser.

The default cookie expiration is 24 hours, or 86,400 seconds.

If for some reason you need to force all of your users to log out, simply restart the CloudShark service on your appliance.

Secure Flag

If CloudShark has been configured to run over HTTPS and HTTP access has been disabled, we strongly recommend you enable Secure Cookies to prevent unintended transmission of the cookie over an unencrypted connection.

By setting secure_cookies to “yes” in the config file, cookies will have the Secure flag enabled and will not be transmitted via HTTP.

In this scenario, it will be impossible to log in via HTTP. The login page will warn you if you are attempting to log in via HTTP while Secure Cookies are turned on.

You may also need to delete any existing cookies that were set before this flag was enabled.

For environments where strict cookie policies are in place, you may explicitly set your default_cookie_domain to match your host and domain name. For this to work correctly, the cookie domain must match the DNS name used to access CloudShark.
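
One way to check the result after a restart, as an added example that is not CloudShark's own code: the function below compares a Set-Cookie header (copied from the login response in your browser's developer tools) against the values you intended for session_lifetime_seconds, secure_cookies and default_cookie_domain. The cookie name, hostnames and sample headers are constructed placeholders, and the header layout CloudShark actually emits is an assumption.

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

def parse_set_cookie(header):
    """Split a Set-Cookie value into (name, attrs); attribute names lower-cased."""
    first, *rest = [part.strip() for part in header.split(";")]
    attrs = {}
    for part in filter(None, rest):
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return first.partition("=")[0], attrs

def audit_cookie(header, host, session_lifetime_seconds, secure_cookies,
                 default_cookie_domain=None, now=None, slack=60):
    """Compare one Set-Cookie header with the intended cloudshark.conf values.
    Returns a list of findings; an empty list means the cookie matches."""
    now = now or datetime.now(timezone.utc)
    _, attrs = parse_set_cookie(header)
    findings = []
    if secure_cookies and "secure" not in attrs:
        findings.append("Secure flag missing")
    # Remaining lifetime: Max-Age takes precedence over Expires, as in browsers.
    if "max-age" in attrs:
        ttl = int(attrs["max-age"])
    elif "expires" in attrs:
        ttl = (parsedate_to_datetime(attrs["expires"]) - now).total_seconds()
    else:
        ttl = None  # no expiry attribute: a session cookie
    if session_lifetime_seconds == 0 and ttl is not None:
        findings.append("expected a session cookie, but an expiry is set")
    elif session_lifetime_seconds and ttl is None:
        findings.append("expected an expiry, got a session cookie")
    elif session_lifetime_seconds and abs(ttl - session_lifetime_seconds) > slack:
        findings.append(f"lifetime is {ttl:.0f}s, expected {session_lifetime_seconds}s")
    domain = attrs.get("domain", "").lstrip(".").lower()
    if default_cookie_domain and domain != default_cookie_domain.lower():
        findings.append("Domain attribute differs from default_cookie_domain")
    if domain and host.lower() != domain and not host.lower().endswith("." + domain):
        findings.append("Domain does not match the DNS name used to reach the server")
    return findings

# Constructed sample headers; the cookie name and hostnames are placeholders.
NOW = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)
GOOD = "_session=abc123; path=/; expires=Tue, 02 Jan 2024 12:00:00 GMT; secure; HttpOnly"
NO_SECURE = "_session=abc123; path=/; Max-Age=86400; HttpOnly"
BAD_DOMAIN = "_session=abc123; Domain=cs.example.com; Max-Age=86400; Secure"

if __name__ == "__main__":
    for hdr in (GOOD, NO_SECURE, BAD_DOMAIN):
        print(audit_cookie(hdr, "cloudshark.example.com", 86400, True, now=NOW) or "OK")
```

An empty result for the header captured over HTTPS, before you close the SSH session, confirms the restart picked up the intended settings.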

About CloudShark

CloudShark is made by QA Cafe, a technology company based in Portsmouth, NH. Our passion for packet captures has grown out of our other product CDRouter.