OIM JSessionID HttpOnly and Secure Cookie Flags not set

(Doc ID 2200542.1)

Last updated on NOVEMBER 03, 2016

Applies to:

Identity Manager - Version and later
Information in this document applies to any platform.


With OIM 11g R2 PS1, the following documentation to enable SSL and secure cookies exists:

Enabling Secure Cookies in Oracle Identity Manager 11g for SSL Mode (Doc ID 1270084.1)

In addition, the R2 PS1 System Administration Guide also has the steps in Chapter 31:

Do note the values for all three of the following in the example values for the session descriptor elements:
<cookie-secure> : true
<cookie-http-only> : false
<url-rewriting-enabled> : false

Both of the above docs point to three weblogic.xml files, out of which, only two are found two in an OIM 11G R2 PS1 env.


The following is not present: OIM_HOME/apps/oim.ear/admin.war/WEB-INF/weblogic.xml

Are there additional steps needed to implement secure cookies and SSL completely?


Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms