October 2011 Updates Introduce New WebLogic Portal (WLP) Configuration Options for SSL Session ID and SSL Filters
(Doc ID 1355929.1)
Last updated on SEPTEMBER 30, 2022
Oracle WebLogic Portal - Version 9.2.0 and later Information in this document applies to any platform.
Patch Set Update and Critical Patch Update (CPU) for October 2011 has been announced with Note 1346104.1 and provides Patch 12388715 for Oracle WebLogic Portal (WLP). After installing the WLP patch, there is a change implemented which allows for additional configuration options to secure your system. On newer versions where a patch is not required, this change is automatically included. This document is provided to announce this change and recommendations for SSL Session ID regeneration and SSL Filters within the Portal Admin Tool (PAT).
Disabling Session ID regeneration
By default the Session ID will be regenerated when a user logs in. (Note: on logout the session will be destroyed). If you need to disable this (not recommended), do one of the following:
Disable it per-web-app:
Edit the web-app's web.xml and add the following context parameter:
To view full details, sign in with your My Oracle Support account.
Don't have a My Oracle Support account? Click to get started!