How to Configure Oracle Commerce ATG Cookies to Have a "HttpOnly" Attribute

(Doc ID 2044381.1)

Last updated on JUNE 15, 2017

Applies to:

Oracle Commerce Platform - Version 10.1 and later
Information in this document applies to any platform.


Is it possible to mark the JSESSIONID, ATG_SESSION_ID, DYN_USER_ID, and DYN_USER_CONFIRM cookies with the HttpOnly flag? 


Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms