How to Set Secure and HTTPOnly Attributes on Cookies Sent from Various Oracle Fusion Middleware Applications

(Doc ID 2160221.1)

Last updated on SEPTEMBER 18, 2017

Applies to:

Oracle Fusion Middleware - Version 10.1.3.5.0 and later
Oracle HTTP Server - Version 10.1.3.5.0 and later
Oracle WebLogic Server - Version 10.3.6 and later
Information in this document applies to any platform.

Goal

How to Set Secure and HTTPOnly Attributes on Session Cookies Sent from Various Oracle Fusion Middleware Applications

This document outlines how to set the Secure and HttpOnly attributes to session cookies sent from various Oracle Fusion Middleware applications. Setting cookies are application specific. When using SSL, the secure attribute should be enabled and the HttpOnly attribute should be present. In Oracle environments, there may be a Critical Patch Update to change the default or require a new setting for administrators. Below are common settings or documents for common Oracle Fusion Middleware applications to be used as a reference.

Solution

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms