WCI Issues Related To A Compromised ASP.NET SessionID Cookie (Doc ID 1091355.1)

Last updated on NOVEMBER 18, 2016

Applies to:

Oracle WebCenter Interaction - Version 6.5.1 and later
Information in this document applies to any platform.

Goal

In WCI Security Mode 2 or 3, the asp.net_sessionID cookie is passed via HTTP. If the javascript below is entered into the URL field during a valid portal session the cookie value is displayed.

javascript:alert(document.cookie)

Solution

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms