How to Set Secure and HTTPOnly Attributes on Cookies Sent from Various Oracle Fusion Middleware Applications
Last updated on APRIL 12, 2018
Applies to:Oracle Fusion Middleware - Version 10.1.3.5.0 and later
Oracle HTTP Server - Version 10.1.3.5.0 and later
Oracle WebLogic Server - Version 10.3.6 and later
Information in this document applies to any platform.
How to Set Secure and HTTPOnly Attributes on Session Cookies Sent from Various Oracle Fusion Middleware Applications
It may be detected that you are missing a secure attribute in an encrypted session cookie. This document outlines how to set the Secure and HttpOnly attributes to session cookies sent from various Oracle Fusion Middleware applications. Setting cookies are application specific. When using SSL, the secure attribute should be enabled and the HttpOnly attribute should be present. In Oracle environments, there may be a Critical Patch Update to change the default or require a new setting for administrators. Below are common settings or documents for common Oracle Fusion Middleware applications to be used as a reference.
Sign In with your My Oracle Support account
Don't have a My Oracle Support account? Click to get started
My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms