UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

Session only based cookies must be disabled


Overview

Finding ID Version Rule ID IA Controls Severity
V-35799 DTBC-0045 SV-47086r2_rule ECSC-1 Medium
Description
"Allows you to set a list of url patterns that specify sites which are allowed to set session only cookies. If this policy is left not set the global default value will be used for all sites either from the 'DefaultCookiesSetting' policy if it is set, or the user's personal configuration otherwise. If the "RestoreOnStartup" policy is set to restore URLs from previous sessions this policy will not be respected and cookies will be stored permanently for those sites." - Google Chrome Administrators Policy List
STIG Date
Google Chrome v24 Windows STIG 2013-02-21

Details

Check Text ( C-44145r1_chk )
Universal method(Requires Chrome Browser v15 or later):
1. In the omnibox(address bar) type chrome://policy
2. If the policy "CookiesSessionOnlyForUrls" does not show up or has any defined values, this is a finding.

Windows:
Start regedit
Navigate to HKLM\Software\Policies\Google\Chrome\CookiesSessionOnlyForUrls
If this key does not exist or has any defined values this is a finding
Fix Text (F-40347r1_fix)
Valid for Chrome Browser version 11 or later.

Windows registry:
Key Path: HKLM\Software\Policies\Google\Chrome\
Value Name: CookiesSessionOnlyForUrls
Value Type: List of strings
Value Data: null

Windows group policy:
Policy Path: Computer Configuration\Administrative Templates\Google\Google Chrome\
Policy Name: Allow session only cookies on these sites
Policy State: Disabled
Policy Value: N/A