My Oracle Support Banner

Missing Secure Attribute In Encrypted Session (SSL) Cookie // Disable WebDav (Doc ID 2027178.1)

Last updated on SEPTEMBER 08, 2016

Applies to:

Oracle Demantra Demand Management - Version 7.3.1 and later
Information in this document applies to any platform.

Symptoms

 we are running Demantra application (7.3.1.1) on tomcat 6.0.44 , a security scan has reported that the application is sending non secure cookies over SSL (we can see the username/password) in clear text.

1- please advise how can we add the 'Secure' attribute to all sensitive cookies.
2- please advise how can we disable the WebDAV in the application.

Cause

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


In this Document
Symptoms
Cause
Solution


My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.