Web Session Cookie Contains HttpOnly Attribute After Oracle iPlanet Web Server 7.0.9 Update
(Doc ID 1314365.1)
Last updated on APRIL 08, 2020
Applies to:Oracle iPlanet Web Server - Version 7.0 and later
Information in this document applies to any platform.
***Checked for relevance on 02-Jul-2014***
This document describes the change to the iPlanet Web Server Java session cookie implemented from iPlanet Web Server 7.0 update 9 onwards. This document also describes how to disable the HttpOnly attribute from the session cookie.
In Web Server 7.0 Update 9 and later, Java web applications session cookies now have the HttpOnly attribute added by default. Looking at the raw HTTP header response, the new session cookie will look like this:
Date: Mon, 18 Apr 2011 01:31:02 GMT
Set-cookie: JSESSIONID=<JSESSION_ID>; Path=/ ; HttpOnly
To view full details, sign in with your My Oracle Support account.
Don't have a My Oracle Support account? Click to get started!
In this Document