My Oracle Support Banner

Setting "secure" and "httponly" Attribute Values For Session Cookies Generated By Single Sign-On (OAM/SSO) 11g Products (Doc ID 1459084.1)

Last updated on OCTOBER 20, 2020

Applies to:

Oracle Fusion Middleware - Version 11.1.1.1.0 and later
Oracle Application Server Single Sign-On - Version 10.1.4.0.1 and later
Oracle Access Manager - Version 11.1.1.3.0 and later
Information in this document applies to any platform.

Purpose

 The purpose of this note is to discuss the setting of cookie attributes that affect the security of cookies.

Scope

 The scope of this document is limited to the setting of the "secure" and "httponly" attributes of session cookies for Fusion Middleware 11g solutions.

Details

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


In this Document
Purpose
Scope
Details
 1. Background
 2.  Configuration Options for SSO/mod_osso and OAM/Webgates
 2.1 mod_osso
 2.2 Oracle Access Manager (OAM) and Webgates 10g or 11g
 2.3 Oracle Access Manager (OAM) and osso agent
References

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.