Web Session Cookie Contains HttpOnly Attribute After Oracle iPlanet Web Server 7.0.9 Update
(Doc ID 1314365.1)
Last updated on JANUARY 31, 2023
Applies to:Oracle iPlanet Web Server - Version 7.0 and later
Information in this document applies to any platform.
This document describes the change to the iPlanet Web Server Java session cookie implemented from iPlanet Web Server 7.0 update 9 onwards. This document also describes how to disable the HttpOnly attribute from the session cookie.
In Web Server 7.0 Update 9 and later, Java web applications session cookies now have the HttpOnly attribute added by default. Looking at the raw HTTP header response, the new session cookie will look like this:
To view full details, sign in with your My Oracle Support account.
Don't have a My Oracle Support account? Click to get started!
In this Document