DTBC-0045 - Session only based cookies must be enabled.

Information

Cookies must only be allowed per session and only for approved URLs as permanently stored cookies can be used for malicious intent.

Approved URLs may be allowlisted via the CookiesAllowedForUrls policy setting, but is not a requirement.

Solution

Windows group policy:
1. Open the group policy editor tool with gpedit.msc
2. Navigate to Policy Path: Computer Configuration\Administrative Templates\Google\Google Chrome\Content Settings.
- Policy Name: Default cookies setting
- Policy State: Enabled
- Policy Value: Keep cookies for the duration of the session

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Google_Chrome_V2R9_STIG.zip

Item Details

Category: AUDIT AND ACCOUNTABILITY

References: 800-53|AU-10, CAT|II, CCI|CCI-000166, Rule-ID|SV-245539r940013_rule, STIG-ID|DTBC-0045, Vuln-ID|V-245539

Plugin: Windows

Control ID: e93a4dea81de6e95465eb5aec4ccba088edf449b4c86cd5e02c5252252d3cf8e