My Oracle Support Banner

Oracle iPlanet Web Server 7 Update 12 and Later Selectively Disable HttpOnly on Session Cookie (Doc ID 1353335.1)

Last updated on JUNE 16, 2023

Applies to:

Oracle iPlanet Web Server - Version 7.0 and later
Information in this document applies to any platform.


Since Oracle iPlanet Web Server 7.0 Update 9 and later  (WS7U9+), the session cookie created by web application running inside the servlet container of the web server will have the HttpOnly attribute tagged to this. Some applications may not be coded to work when HttpOnly is present and programs may break. Please see <Note: 1314365.1>. In Web Server 7.0 Update 12 and later, there is a new feature available which you can use to selectively disable HttpOnly for the whole web server. This feature was introduced as part of <Bug: 12307239> fix.


To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

In this Document

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.