My Oracle Support Banner

Setting "secure" and "httponly" Attribute Values For Session Cookies Generated By Single Sign-On (OAM/SSO) 11g Products (Doc ID 1459084.1)

Last updated on OCTOBER 20, 2020

Applies to:

Oracle Fusion Middleware - Version and later
Oracle Application Server Single Sign-On - Version and later
Oracle Access Manager - Version and later
Information in this document applies to any platform.


 The purpose of this note is to discuss the setting of cookie attributes that affect the security of cookies.


 The scope of this document is limited to the setting of the "secure" and "httponly" attributes of session cookies for Fusion Middleware 11g solutions.


To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

In this Document
 1. Background
 2.  Configuration Options for SSO/mod_osso and OAM/Webgates
 2.1 mod_osso
 2.2 Oracle Access Manager (OAM) and Webgates 10g or 11g
 2.3 Oracle Access Manager (OAM) and osso agent

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.