How to Set the Enterprise Manager Database Control Web Site Startup Option to Enable the HTTPOnly Flag in the HTTP Session Cookie (Doc ID 1909374.1)

Last updated on JANUARY 18, 2023

Applies to:

Enterprise Manager for Oracle Database - Version 10.2.0.1 to 11.2.0.4 [Release 10.2 to 11.2]
Information in this document applies to any platform.

Goal

The Database Control web site creates session cookies that do not have the "HTTPOnly" flag set by default. This document describes how to configure DB Control to set the HTTPOnly option in the session cookie on startup.

See this article for a discussion of the benefits if the HTTPOnly option:

<Note 1586861.1> Security Advisory: Configure OC4J 10.1.3.5 Startup Option to Enable HTTPOnly for HTTP Session Cookie

Solution

	To view full details, sign in with your My Oracle Support account.
	Don't have a My Oracle Support account? Click to get started!

In this Document

Goal

Solution

References

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.

How to Set the Enterprise Manager Database Control Web Site Startup Option to Enable the HTTPOnly Flag in the HTTP Session Cookie (Doc ID 1909374.1)

Applies to:

Goal

Solution

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!