This page provides a list of cookies used by Zabbix.
Name | Description | Values | Expires/Max-Age | HttpOnly1 | Secure2 |
---|---|---|---|---|---|
PHPSESSID | Unique PHP session ID. The length can be set in php.ini - session.sid_length. |
Example: kvlp5pu2ru1a2ccvff0g52m87a | Session (expires when the browsing session ends) | + | + (only if HTTPS is enabled on a web server) |
ZBX_SESSION_NAME (available since 4.0.0). String used as the name of the Zabbix frontend session cookie. Default: zbx_sessionid |
Unique session cookie ID - a 32 character string. | Example: 004bc0213e7e8bca87fcc3919eca5270 | Current date and time +1 month (31 days) | + | + (only if HTTPS is enabled on a web server) |
tab | Active tab number; this cookie is only used on pages with multiple tabs (e.g. Host, Trigger or Action configuration page) and is created, when a user navigates from a primary tab to another tab (such as Tags or Dependencies tab). 0 is used for the primary tab. |
Example: 1 | Session (expires when the browsing session ends) | - | - |
browserwarning_ignore | Whether a warning about using an outdated browser should be ignored. | yes | Session (expires when the browsing session ends) | - | - |
messageOk | A message to show as soon as page is reloaded. | Plain text message | Session (expires when the browsing session ends) or as soon as page is reloaded | + | - |
messageError | An error message to show as soon as page is reloaded. | Plain text message | Session (expires when the browsing session ends) or as soon as page is reloaded | + | - |
Forcing 'HttpOnly' flag on Zabbix cookies by a webserver directive is not supported.
1 When HttpOnly
is 'true' the cookie will be made accessible only through the HTTP protocol. This means that the cookie won't be accessible by scripting languages, such as JavaScript. This setting can effectively help to reduce identity theft through XSS attacks (although it is not supported by all browsers).
2 Secure
indicates that the cookie should only be transmitted over a secure HTTPS connection from the client. When set to 'true', the cookie will only be set if a secure connection exists.