Disable Session Cookies
An XCCDF Rule
Description
To disable session-only cookie sites, set CookiesSessionOnlyForUrls to none in the Chromium policy file.
Rationale
Cookies should only be allowed per session and only for approved URLs, as permanently stored cookies can be used for malicious intent.
- ID: xccdf_org.ssgproject.content_rule_chromium_disable_session_cookies
- Severity: Unknown
- References
- Updated
Remediation Templates
A Shell Script
# Policy file managed by this rule.
POLICY_FILE=/etc/chromium/policies/managed/chrome_stig_policy.json
if ! grep -q CookiesSessionOnlyForUrls "$POLICY_FILE"; then
    # Key absent: append it after each line containing "{".
    sed -i -e '/{/a \ "CookiesSessionOnlyForUrls": [none],' "$POLICY_FILE"
else
    # Key present: rewrite the rest of its line to the required value.
    sed -i -e 's/"CookiesSessionOnlyForUrls.*/"CookiesSessionOnlyForUrls": [none],/g' "$POLICY_FILE"
fi
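
An audit counterpart to the remediation above, as an added example that is not part of the SSG content: it reports whether a policy file is in the state the script is meant to produce. The function name, return codes and sample files are assumptions made for illustration; the sample files are constructed and written to a temporary directory.

```shell
#!/bin/sh
# Added example: audit the state the remediation is meant to produce.
# Function name and return codes are illustrative, not SSG identifiers.

KEY='CookiesSessionOnlyForUrls'

# check_session_cookie_policy FILE
#   0 = key present exactly once with the value [none]
#   1 = key missing
#   2 = key present with a different value
#   3 = policy file missing or unreadable
#   4 = key present on more than one line (the remediation's /{/a address
#       matches every line containing "{", so nested objects can cause this)
check_session_cookie_policy() {
    file="$1"
    [ -r "$file" ] || return 3
    # grep -c prints 0 and exits non-zero when nothing matches.
    count=$(grep -c "\"$KEY\"" "$file" || true)
    if [ "$count" -eq 0 ]; then return 1; fi
    if [ "$count" -gt 1 ]; then return 4; fi
    grep -Eq "\"$KEY\"[[:space:]]*:[[:space:]]*\[none\]" "$file" || return 2
    return 0
}

# Constructed sample policy files (not taken from a real system).
demo_dir=$(mktemp -d)
printf '{\n "%s": [none],\n "HomepageLocation": "about:blank"\n}\n' "$KEY" \
    > "$demo_dir/ok.json"
printf '{\n "HomepageLocation": "about:blank"\n}\n' > "$demo_dir/missing.json"
printf '{\n "%s": ["https://example.test"],\n}\n' "$KEY" > "$demo_dir/other.json"

# absent.json is deliberately never created.
for name in ok missing other absent; do
    rc=0
    check_session_cookie_policy "$demo_dir/$name.json" || rc=$?
    echo "$name.json -> $rc"
done
rm -rf "$demo_dir"
```

To audit a live system, pass /etc/chromium/policies/managed/chrome_stig_policy.json as the argument.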