How to Set the Enterprise Manager Database Control Web Site Startup Option to Enable the HTTPOnly Flag in the HTTP Session Cookie
(Doc ID 1909374.1)
Last updated on FEBRUARY 06, 2020
Applies to:Enterprise Manager for Oracle Database - Version 10.2.0.1 to 18.104.22.168 [Release 10.2 to 11.2]
Information in this document applies to any platform.
The Database Control web site creates session cookies that do not have the "HTTPOnly" flag set by default. This document describes how to configure DB Control to set the HTTPOnly option in the session cookie on startup.
See this article for a discussion of the benefits if the HTTPOnly option:
<Note 1586861.1> Security Advisory: Configure OC4J 10.1.3.5 Startup Option to Enable HTTPOnly for HTTP Session Cookie
To view full details, sign in with your My Oracle Support account.
Don't have a My Oracle Support account? Click to get started!
In this Document