How to Set Secure and HTTPOnly Attributes on Cookies Sent from Various Oracle Fusion Middleware Applications
(Doc ID 2160221.1)
Last updated on AUGUST 29, 2023
Applies to:
Oracle HTTP Server - Version 10.1.3.5.0 and later Oracle WebLogic Server - Version 10.3.6 and later Oracle Fusion Middleware - Version 10.1.3.5.0 and later Information in this document applies to any platform.
Goal
How to Set Secure and HTTPOnly Attributes on Session Cookies Sent from Various Oracle Fusion Middleware Applications
It may be detected that you are missing a secure attribute in an encrypted session cookie. This document outlines how to set the Secure and HttpOnly attributes to session cookies sent from various Oracle Fusion Middleware applications. Setting cookies are application specific. When using SSL, the secure attribute should be enabled and the HttpOnly attribute should be present. In Oracle environments, there may be a Critical Patch Update to change the default or require a new setting for administrators. Below are common settings or documents for common Oracle Fusion Middleware applications to be used as a reference.
Solution
To view full details, sign in with your My Oracle Support account.
Don't have a My Oracle Support account? Click to get started!