Issue With OAM-jsessionId Static Part Cookie (Doc ID 2017634.1)

Last updated on MARCH 08, 2017

Applies to:

Oracle Access Manager - Version 11.1.2.2.0 and later
Information in this document applies to any platform.

Goal

The oam-jsessionid cookie contains a static numeric value at the end. Even if a user logs out and logs in again with the same user ID, the static numeric value remains the same.

What is the security risk involved and is there a workaround?
 

Solution
