My Oracle Support Banner

WCI Issues Related To A Compromised ASP.NET SessionID Cookie (Doc ID 1091355.1)

Last updated on NOVEMBER 18, 2016

Applies to:

Oracle WebCenter Interaction - Version 6.5.1 and later
Information in this document applies to any platform.

Goal

In WCI Security Mode 2 or 3, the asp.net_sessionID cookie is passed via HTTP. If the javascript below is entered into the URL field during a valid portal session the cookie value is displayed.

javascript:alert(document.cookie)

Solution

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


In this Document
Goal
Solution


My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.