Oracle iPlanet Web Server 7 Update 12 and Later Selectively Disable HttpOnly on Session Cookie
(Doc ID 1353335.1)
Last updated on APRIL 20, 2020
Applies to:Oracle iPlanet Web Server - Version 7.0 and later
Information in this document applies to any platform.
***Checked for relevance on 01-Feb-2013***
Since Oracle iPlanet Web Server 7.0 Update 9 and later (WS7U9+), the session cookie created by web application running inside the servlet container of the web server will have the HttpOnly attribute tagged to this. Some applications may not be coded to work when HttpOnly is present and programs may break. Please see <Note: 1314365.1>. In Web Server 7.0 Update 12 and later, there is a new feature available which you can use to selectively disable HttpOnly for the whole web server. This feature was introduced as part of <Bug: 12307239> fix.
To view full details, sign in with your My Oracle Support account.
Don't have a My Oracle Support account? Click to get started!
In this Document