How To Set HTTP Only For Cookies In Oracle iPlanet Web Server 6.1

(Doc ID 1543241.1)

Last updated on JANUARY 13, 2017

Applies to:

Oracle iPlanet Web Server - Version 6.1 and later
Information in this document applies to any platform.


Is there a way to set the 'HTTPOnly' flag in iPlanet Web Server 6.1 for all the HTTP response headers?

HttpOnly cookie

The HttpOnly cookie is supported by most modern browsers. On a supported browser, an HttpOnly session cookie will be used only when transmitting HTTP (or HTTPS) requests, thus restricting access from other, non-HTTP APIs (such as JavaScript). This restriction mitigates but does not eliminate the threat of session cookie theft via cross-site scripting (XSS). This feature applies only to session-management cookies, and not other browser cookies.



Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms