My Oracle Support Banner

How to Set the Enterprise Manager Database Control Web Site Startup Option to Enable the HTTPOnly Flag in the HTTP Session Cookie (Doc ID 1909374.1)

Last updated on FEBRUARY 06, 2020

Applies to:

Enterprise Manager for Oracle Database - Version 10.2.0.1 to 11.2.0.4 [Release 10.2 to 11.2]
Information in this document applies to any platform.

Goal

The Database Control web site creates session cookies that do not have the "HTTPOnly" flag set by default. This document describes how to configure DB Control to set the HTTPOnly option in the session cookie on startup.

See this article for a discussion of the benefits if the HTTPOnly option:

<Note 1586861.1> Security Advisory: Configure OC4J 10.1.3.5 Startup Option to Enable HTTPOnly for HTTP Session Cookie

 

Solution

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


In this Document
Goal
Solution
References


My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.