My Oracle Support Banner

11g Grid Control: How to Setup Secure Cookies for the Grid Console UI Sessions (Doc ID 1433103.1)

Last updated on FEBRUARY 13, 2020

Applies to:

Enterprise Manager Base Platform - Version to [Release 11.1]
Information in this document applies to any platform.


For a 11g OMS setup, the HTTP access is blocked and the Grid Console URL is being accessed using the HTTPS console port:

The resulting URL shows:


Display of the jsessionid cookie in the URL is considered as unsecure and can be reported as a security risk by your Organization's Security / Audit team.
This document explains how to setup secure Cookies for the Grid Console UI Sessions, so that the jsessionid is not shown in the browser.

Note: These steps should be used only when the HTTP access to the Grid Console is blocked using:
cd <OMS_HOME>/bin
emctl secure lock -console
Setting up secure cookies as described in this document and accessing the Console in HTTP mode will create a new session for each interaction - which means that even the login will not be successful as the login page is repeatedly shown. This behaviour is explained in:
<Note 1277059.1>: New HTTP Session Generated For Each Interaction When Cookie-Secure is Enabled


To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

In this Document

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.