Session Not Renewed After Entering the Credentials (Doc ID 2402277.1)

Last updated on OCTOBER 20, 2019

Applies to:

Oracle E-Business Suite Technology Stack - Version 12.1.3 to 12.1.3 [Release 12.1]
Information in this document applies to any platform.

Goal

Our security team mentioned the application doesn’t renew the session after entering the credentials; the application keeps the session cookie unchanged after the user enters his credentials.

The attacker can leverage this in a session fixation attack in case he finds a vulnerability that allows him to set the session cookie. Is it doable to renew the session cookie after the user enters his credentials?
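
A check for the behaviour described above, as an added example that is not part of the original document or Oracle's solution: it compares the `Set-Cookie` headers captured before and after login and reports session cookies whose value was not renewed. The cookie name `APPSESSION` and all header values are constructed placeholders, not E-Business Suite's actual cookie names.

```python
from http.cookies import SimpleCookie


def parse_set_cookies(header_values):
    """Return {name: value} from a list of Set-Cookie header values."""
    jar = {}
    for value in header_values:
        cookie = SimpleCookie()
        cookie.load(value)
        for name, morsel in cookie.items():
            jar[name] = morsel.value
    return jar


def unrotated_session_cookies(pre_login, post_login, session_names):
    """Names of session cookies that still hold their pre-login value
    once the login response has been applied to the browser's cookie jar.

    A cookie counts as unrotated when the login response does not set it
    at all, or sets it again with the same value.
    """
    before = parse_set_cookies(pre_login)
    after = dict(before)
    after.update(parse_set_cookies(post_login))  # jar state after login
    return sorted(
        name for name in session_names
        if name in before and after.get(name) == before[name]
    )


# Constructed sample captures (hypothetical cookie name and values).
PRE_LOGIN = ["APPSESSION=k3Jq9aT0; Path=/; HttpOnly", "LANG=en; Path=/"]
LOGIN_NO_RENEWAL = ["LANG=en; Path=/"]                       # session cookie untouched
LOGIN_SAME_VALUE = ["APPSESSION=k3Jq9aT0; Path=/; HttpOnly"]  # re-sent, same id
LOGIN_RENEWED = ["APPSESSION=Zp81LmQ2; Path=/; HttpOnly"]     # new id after login

if __name__ == "__main__":
    for label, capture in [("no renewal", LOGIN_NO_RENEWAL),
                           ("same value", LOGIN_SAME_VALUE),
                           ("renewed", LOGIN_RENEWED)]:
        stale = unrotated_session_cookies(PRE_LOGIN, capture, ["APPSESSION"])
        print(label, "->", stale or "session id rotated")
```
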
 

Solution




