My Oracle Support Banner

October 2011 Updates Introduce New WebLogic Portal (WLP) Configuration Options for SSL Session ID and SSL Filters (Doc ID 1355929.1)

Last updated on SEPTEMBER 30, 2022

Applies to:

Oracle WebLogic Portal - Version 9.2.0 and later
Information in this document applies to any platform.

Details

Patch Set Update and Critical Patch Update (CPU) for October 2011 has been announced with Note 1346104.1 and provides Patch 12388715 for Oracle WebLogic Portal (WLP).  After installing the WLP patch, there is a change implemented which allows for additional configuration options to secure your system. On newer versions where a patch is not required, this change is automatically included. This document is provided to announce this change and recommendations for SSL Session ID regeneration and SSL Filters within the Portal Admin Tool (PAT).

Disabling Session ID regeneration

By default the Session ID will be regenerated when a user logs in. (Note: on logout the session will be destroyed).  If you need to disable this (not recommended), do one of the following:

  1. Disable it per-web-app:

    1. Edit the web-app's web.xml and add the following context parameter:

      1. Name: changeSessionIdOnAuthentication

      2. Value: false

      3. Example:

      Actions

       

      Contacts

      To view full details, sign in with your My Oracle Support account.

      Don't have a My Oracle Support account? Click to get started!

      In this Document
      Details
       Disabling Session ID regeneration
       Ensuring the SSL Filter in the Portal Admin Tool (PAT) Redirects to your proxy
       Disabling the SSL Filter in the PAT
      Actions
      Contacts
      References

      My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.