With Absence of WebLogic.xml - Secure Setting in Web.xml Doesn't Affect Cookie's Attribute
(Doc ID 1941462.1)
Last updated on FEBRUARY 03, 2019
Applies to:Oracle WebLogic Server - Version 220.127.116.11.0 to 18.104.22.168.0 [Release 12c]
Information in this document applies to any platform.
See also: <Note 1267117.1> How to Secure Cookies on Oracle WebLogic Server
The issue is specific to the cookie-config section in web.xml descriptor when an application does not have a weblogic.xml. The following is not working in web.xml:
The above setting can be used in web.xml to support http-only and secure settings. From testing the configuration it looks like the changes related to secure cookie settings in web.xml are not taking into effect or being honored. When the same settings are made in weblogic.xml file, the changes are taking place.
Tested with the sample application on WLS 12.1.2 and 12.1.3 version :
To view full details, sign in with your My Oracle Support account.
Don't have a My Oracle Support account? Click to get started!
In this Document