11g Grid Control: How to Setup Secure Cookies for the Grid Console UI Sessions
(Doc ID 1433103.1)
Last updated on FEBRUARY 13, 2020
Applies to:Enterprise Manager Base Platform - Version 220.127.116.11 to 18.104.22.168 [Release 11.1]
Information in this document applies to any platform.
For a 11g OMS setup, the HTTP access is blocked and the Grid Console URL is being accessed using the HTTPS console port:
The resulting URL shows:
Display of the jsessionid cookie in the URL is considered as unsecure and can be reported as a security risk by your Organization's Security / Audit team.
This document explains how to setup secure Cookies for the Grid Console UI Sessions, so that the jsessionid is not shown in the browser.
cd <OMS_HOME>/binSetting up secure cookies as described in this document and accessing the Console in HTTP mode will create a new session for each interaction - which means that even the login will not be successful as the login page is repeatedly shown. This behaviour is explained in:
emctl secure lock -console
<Note 1277059.1>: New HTTP Session Generated For Each Interaction When Cookie-Secure is Enabled
To view full details, sign in with your My Oracle Support account.
Don't have a My Oracle Support account? Click to get started!
In this Document