Kibana user session tracking

I have three questions.

I want to track user actions in Kibana.
However, the session ID is changed for each request.
(I use Kibana6.7.0)

First,
The session id seems to be encrypted, is that correct?
If so, how should I decrypt it?

Is the value of xpack.security.encryptionKey in kibana.yml the key to encrypt the session?
If so, where should I decrypt from function in Kibana?

Second,
How does access browser cookies in react.js?
Can I get a user session when I access cookies?

Last,
If I can not track the user through the session value, can I track it using different values?

Please let me know your answer....!!!!!

@Larry_Gregory or @Brandon_Kobel can get to this q when they get some time.

Thanks
Rashmi

@Yungyoung_Ok,

Yes, session information is encrypted via the xpack.security.encryptionKey that you define in your kibana.yml. We don't intend for this to be decrypted on your own though, and we make no guarantees as to the contents of the session data.

You can access browser cookies in react the way you would in any JavaScript based application: document.cookie. Keep in mind that this won't give you access to Kibana's session cookie, as its HttpOnly flag is set. You'll only be able to access cookies that aren't protected via HttpOnly.

You can set your own cookies to track user sessions if that's something you'd like to do.

If you want to get access to the current user, you can make a GET request to http://localhost:5601/api/security/v1/me (replacing localhost with your kibana instance). A word of caution though: this is not considered a public API, and is subject to change without warning between releases in ways that may not be backwards compatible.

1 Like

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.