Missing Secure Attribute In Encrypted Session (SSL) Cookie // Disable WebDav (Doc ID 2027178.1)

Last updated on SEPTEMBER 08, 2016

Applies to:

Oracle Demantra Demand Management - Version 7.3.1 and later
Information in this document applies to any platform.

Symptoms

 we are running Demantra application (7.3.1.1) on tomcat 6.0.44 , a security scan has reported that the application is sending non secure cookies over SSL (we can see the username/password) in clear text.

1- please advise how can we add the 'Secure' attribute to all sensitive cookies.
2- please advise how can we disable the WebDAV in the application.

Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms