UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Session only based cookies must be disabled.


Overview

Finding ID Version Rule ID IA Controls Severity
V-245539 DTBC-0045 SV-245539r769360_rule Medium
Description
Cookies set by pages matching these URL patterns will be limited to the current session, i.e. they will be deleted when the browser exits. For URLs not covered by the patterns specified here, or for all URLs if this policy is not set, the global default value will be used either from the 'DefaultCookiesSetting' policy, if it is set, or the user's personal configuration otherwise.
STIG Date
Google Chrome Current Windows Security Technical Implementation Guide 2021-07-13

Details

Check Text ( C-23298r754760_chk )
Universal method:
1. In the omnibox (address bar) type chrome://policy.
2. If the policy "CookiesSessionOnlyForUrls" exists and has any defined values, this is a finding.

Windows method:
1. Start regedit.
2. Navigate to HKLM\Software\Policies\Google\Chrome\CookiesSessionOnlyForUrls.
3. If this key exists and has any defined values, this is a finding.
Fix Text (F-23287r769362_fix)
Windows group policy:
1. Open the group policy editor tool with gpedit.msc
2. Navigate to Policy Path: Computer Configuration\Administrative Templates\Google\Google Chrome\Content Settings.
- Policy Name: Limit cookies from matching URLs to the current session
- Policy State: Disabled
- Policy Value: N/A