
How To Set HTTP Only For Cookies In Oracle iPlanet Web Server 6.1 (Doc ID 1543241.1)

Last updated on AUGUST 18, 2023

Applies to:

Oracle iPlanet Web Server - Version 6.1 and later
Information in this document applies to any platform.


Is there a way to set the 'HTTPOnly' flag in iPlanet Web Server 6.1 for all the HTTP response headers?

HttpOnly cookie

The HttpOnly cookie attribute is supported by most modern browsers. On a supporting browser, an HttpOnly session cookie is used only when transmitting HTTP (or HTTPS) requests, which blocks access from other, non-HTTP APIs (such as JavaScript). This restriction mitigates, but does not eliminate, the threat of session cookie theft via cross-site scripting (XSS). This feature applies only to session-management cookies, not to other browser cookies.
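To confirm that the server really appends HttpOnly to its session cookie, the response headers can be audited. The following is an added example, not part of the Oracle document: it parses a raw header block and reports session cookies set without the attribute. The cookie name `JSESSIONID` and the sample responses are assumptions constructed for illustration.

```python
# Added example: audit Set-Cookie headers for the HttpOnly attribute.
# Assumption: the session cookie is named JSESSIONID (adjust for your application).
SESSION_COOKIE_NAMES = {"jsessionid"}


def parse_set_cookie(value):
    """Split one Set-Cookie value into (cookie name, set of lowercase attribute names)."""
    parts = [p.strip() for p in value.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    # Attribute names are case-insensitive; only the part before '=' is the name,
    # so a cookie *value* of "httponly" is never mistaken for the attribute.
    attrs = {p.split("=", 1)[0].strip().lower() for p in parts[1:] if p}
    return name, attrs


def cookies_missing_httponly(raw_headers, session_names=SESSION_COOKIE_NAMES):
    """Return the session cookies in a raw header block that lack HttpOnly."""
    missing = []
    for line in raw_headers.splitlines():
        field, sep, value = line.partition(":")
        if not sep or field.strip().lower() != "set-cookie":
            continue  # status line or some other header
        name, attrs = parse_set_cookie(value)
        if name.lower() in session_names and "httponly" not in attrs:
            missing.append(name)
    return missing


# Constructed sample responses (not captured from a real server).
SAMPLE_BEFORE = (
    "HTTP/1.1 200 OK\r\n"
    "Set-Cookie: JSESSIONID=abc123; Path=/app\r\n"
    "Set-Cookie: theme=dark; Path=/\r\n"
    "Content-Type: text/html\r\n"
)
SAMPLE_AFTER = (
    "HTTP/1.1 200 OK\r\n"
    "set-cookie: JSESSIONID=abc123; Path=/app; httponly\r\n"
    "Set-Cookie: theme=dark; Path=/\r\n"
    "Content-Type: text/html\r\n"
)

if __name__ == "__main__":
    print("before:", cookies_missing_httponly(SAMPLE_BEFORE))
    print("after: ", cookies_missing_httponly(SAMPLE_AFTER))
```

The `theme` cookie is ignored in both samples because only the names in `SESSION_COOKIE_NAMES` are enforced, matching the scope described above.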




In this Document
 3.1.10 Set-cookie Header Appended with the HttpOnly Option
