Prevent removal of cookies by kibana server

(KIBANA 5.6) I am trying to track a user sessions by utilizing cookies sent from a proxy/middleware server, but i notice that the kibana server is stripping these cookies for almost all requests except /elasticsearch/_msearch before passing it to the kibana app. ie "set-cookie" header is missing in response header.

Is there any place that i can prevent this behaviour, either through the kibana.yml config file or even the location of this action/function in the source code.

Hi @kev12,

thanks for your question.

Just to make sure I understand you correctly: Did you place your proxy between the Kibana server and Elasticsearch? Normally this kind of proxies is placed between the Kibana client and Kibana server which should prevent this kind of problem.

Hey @flash1293

Thanks for the quick response. Sorry i didn't see your reply earlier. Yes i did place it between Elasticsearch and Kibana server.

Ahh should've thought of that :), could you please guide me on how i would place it between kibana server and client. As the only options i can see in the Kibana.yml file is to specify which port i want kibana server to be served on.

How would i indicate where i want the kibana client to look for my proxy.

You just enter the host address of the proxy into your browser and configure the proxy to forward everything to host and port of your kibana instance. Everything else should behave like when you place the proxy between Elasticsearch and Kibana Server.

Hey @flash1293

Thanks for the response.

Let me try and explain my use case a bit more. The issue that i am trying to solve is i am trying to replicate the comparison of queries functionality from kibana 3.(

To do this i need to save the /bulk/get of all the visualization in a cookie so i can relate that data with the /_msearch request (seeing as /_msearch has no identifying params)and edit the aggs object before querying kibana.

Please correct me if i am wrong, but i think the solution you outlined would work great for managing a session but then i would not be able to manipulate a request from kibana itself.

Would there be a way to change the endpoint that kibana queries to fetch data ? or a way to stop it from stripping cookies .

It should also be possible to rewrite the aggregations in the proxy between Kibana Client and Kibana Server proxy because the query DSL is written on the client and the server just passes this calls to the server (in most cases). At least that's the case for the aggregation queries sent for regular visualizations on dashboards.

So if you manipulate them before they reach the Kibana server, it should work out fine - plus it's easy to associate the request with the right user.

Hey @flash1293

Sorry for the late response, this may be a little bit more resource intensive than i had originally planned for as i was only going to route /bulk_get and/_msearch requests to my proxy and let the other requests travel to elastic search directly (i am using a load balancer)

If i place the proxy before the kibana client then every request will have to travel through the proxy.

So i feel that changing the endpoint (to my proxy ) for the xhr requests made by kibana to elastic search or prevent kibana from stripping cookies are currently the two approaches i can think of, keeping performance in mind. Is there any place i can change that.

Unfortunately there is no setting to route specific requests somewhere else - everything is tied to the elasticsearch.hosts entry in your kibana.yml.

If you are concerned about performance you could implement a two tiered system by placing a high performance proxy like nginx between Kibana client and Kibana server, which routes the data requests you are after to your custom rewrite-proxy and forwards all other requests directly to the Kibana server.

I don't know which load balancer you are using but it might even be able to take care of this.

Hey @flash1293

Thanks for all your help. I guess i will go ahead with the suggested approach and place the proxy before my Kibana server.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.