How To Set HTTP Only For Cookies In Oracle iPlanet Web Server 6.1
(Doc ID 1543241.1)
Last updated on AUGUST 18, 2023
Applies to:
Oracle iPlanet Web Server - Version 6.1 and later
Information in this document applies to any platform.
Goal
Is there a way to set the 'HTTPOnly' flag in iPlanet Web Server 6.1 for all the HTTP response headers?
HttpOnly cookie
The HttpOnly cookie is supported by most modern browsers. On a supported browser, an HttpOnly session cookie will be used only when transmitting HTTP (or HTTPS) requests, thus restricting access from other, non-HTTP APIs (such as JavaScript). This restriction mitigates but does not eliminate the threat of session cookie theft via cross-site scripting (XSS). This feature applies only to session-management cookies, and not other browser cookies.
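One way to check which cookies a server response still issues without the flag, as an added example that is not part of the Oracle document. The sample response, cookie names and function names are constructed for illustration.

```python
import re

# Constructed sample response (illustrative values, not taken from the Oracle document).
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: example\r\n"
    "Set-Cookie: JSESSIONID=abc123; Path=/; HttpOnly\r\n"
    "Set-Cookie: prefs=dark; Path=/\r\n"
    "Set-Cookie: token=xyz; Path=/app; Secure; httponly\r\n"
    "Set-Cookie: note=\"HttpOnly\"; Path=/\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
    "<html>HttpOnly</html>"
)


def parse_set_cookie_headers(raw_response):
    """Return [(cookie_name, {lowercased attribute names})], one per Set-Cookie header."""
    # Only the header section matters; drop everything after the first blank line.
    head = re.split(r"\r?\n\r?\n", raw_response, maxsplit=1)[0]
    cookies = []
    for line in head.splitlines():
        name, sep, value = line.partition(":")
        # Header names are case-insensitive; the status line has no colon and is skipped.
        if not sep or name.strip().lower() != "set-cookie":
            continue
        parts = value.split(";")
        # The first segment is name=value; the rest are attributes such as Path or HttpOnly.
        cookie_name = parts[0].split("=", 1)[0].strip()
        attrs = {p.split("=", 1)[0].strip().lower() for p in parts[1:] if p.strip()}
        cookies.append((cookie_name, attrs))
    return cookies


def cookies_missing_httponly(raw_response):
    """Names of cookies whose Set-Cookie header carries no HttpOnly attribute."""
    # Matching on parsed attributes avoids false passes when a cookie *value*
    # or the response body merely contains the text "HttpOnly".
    return [n for n, attrs in parse_set_cookie_headers(raw_response)
            if "httponly" not in attrs]


if __name__ == "__main__":
    for cookie in cookies_missing_httponly(SAMPLE_RESPONSE):
        print(f"Set-Cookie for {cookie!r} lacks HttpOnly")
```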
Solution
In this Document
Goal
Solution
3.1.10 Set-cookie Header Appended with the HttpOnly Option
References