My Oracle Support Banner

How to Set the Enterprise Manager Database Control Web Site Startup Option to Enable the HTTPOnly Flag in the HTTP Session Cookie (Doc ID 1909374.1)

Last updated on JANUARY 18, 2023

Applies to:

Enterprise Manager for Oracle Database - Version to [Release 10.2 to 11.2]
Information in this document applies to any platform.


The Database Control web site creates session cookies that do not have the "HTTPOnly" flag set by default. This document describes how to configure DB Control to set the HTTPOnly option in the session cookie on startup.

See this article for a discussion of the benefits if the HTTPOnly option:

<Note 1586861.1> Security Advisory: Configure OC4J Startup Option to Enable HTTPOnly for HTTP Session Cookie



To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

In this Document

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.