My Oracle Support Banner

Oracle iPlanet Web Server 7 Update 12 and Later Selectively Disable HttpOnly on Session Cookie (Doc ID 1353335.1)

Last updated on APRIL 20, 2020

Applies to:

Oracle iPlanet Web Server - Version 7.0 and later
Information in this document applies to any platform.
***Checked for relevance on 01-Feb-2013***

Goal

Since Oracle iPlanet Web Server 7.0 Update 9 and later  (WS7U9+), the session cookie created by web application running inside the servlet container of the web server will have the HttpOnly attribute tagged to this. Some applications may not be coded to work when HttpOnly is present and programs may break. Please see <Note: 1314365.1>. In Web Server 7.0 Update 12 and later, there is a new feature available which you can use to selectively disable HttpOnly for the whole web server. This feature was introduced as part of <Bug: 12307239> fix.

Solution

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


In this Document
Goal
Solution
References

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.