10 Cookies used by Zabbix

Overview

This page provides a list of cookies used by Zabbix.

Name Description Values Expires/Max-Age HttpOnly1 Secure2
PHPSESSID Unique PHP session ID.

The length can be set in php.ini - session.sid_length.
Example: kvlp5pu2ru1a2ccvff0g52m87a Session (expires when the browsing session ends) + + (only if HTTPS is enabled on a web server)
ZBX_SESSION_NAME
(available since 4.0.0).
String used as the name of the Zabbix frontend session cookie.

Default: zbx_sessionid
Unique session cookie ID - a 32 character string. Example: 004bc0213e7e8bca87fcc3919eca5270 Current date and time +1 month (31 days) + + (only if HTTPS is enabled on a web server)
tab Active tab number; this cookie is only used on pages with multiple tabs (e.g. Host, Trigger or Action configuration page) and is created, when a user navigates from a primary tab to another tab (such as Tags or Dependencies tab).

0 is used for the primary tab.
Example: 1 Session (expires when the browsing session ends) - -
browserwarning_ignore Whether a warning about using an outdated browser should be ignored. yes Session (expires when the browsing session ends) - -
messageOk A message to show as soon as page is reloaded. Plain text message Session (expires when the browsing session ends) or as soon as page is reloaded + -
messageError An error message to show as soon as page is reloaded. Plain text message Session (expires when the browsing session ends) or as soon as page is reloaded + -

Forcing 'HttpOnly' flag on Zabbix cookies by a webserver directive is not supported.


  1. When HttpOnly is 'true' the cookie will be made accessible only through the HTTP protocol. This means that the cookie won't be accessible by scripting languages, such as JavaScript. This setting can effectively help to reduce identity theft through XSS attacks (although it is not supported by all browsers).↩︎

  2. Secure indicates that the cookie should only be transmitted over a secure HTTPS connection from the client. When set to 'true', the cookie will only be set if a secure connection exists.↩︎