SSL Cookie without Secure Flag Set (Doc ID 1916504.1)

Last updated on JUNE 20, 2023

Applies to:

Oracle WebCenter Sites - Version 11.1.1.8.0 and later
Information in this document applies to any platform.

Goal

If the secure flag is set on a cookie, then browsers will not submit the cookie in any requests that use an unencrypted HTTP connection, thereby preventing the cookie from being trivially intercepted by an attacker monitoring network traffic. If the secure flag is not set, then the cookie will be transmitted in clear-text if the user visits any HTTP URLs within the cookie's scope.

The following session cookies do not have the secure flag set:

CASTGC=TGT-4-BO6vgbVv0AEC5Sp5xGabEJU15VdvG12KprG7n9UyEfYdA0eqYc-cas-<host>-1

JSESSIONID=JLF8S0zpv3LK0plBKpX9Yp1wW4yDpj6xT2PKLdlHhSJ5GjjLHcbQ!2051602164!-1757970250; path=/cas; HttpOnly

These cookies were issued through /cas/{login,logout} and after timeouts.

How do you enable the secure flag to be set on these cookies?

Solution

	To view full details, sign in with your My Oracle Support account.
	Don't have a My Oracle Support account? Click to get started!

In this Document

Goal

Solution

References

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.

SSL Cookie without Secure Flag Set (Doc ID 1916504.1)

Applies to:

Goal

Solution

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!