How To Make The JSESSIONID Cookie Secure As Defense Against Vulnerability Issue?
(Doc ID 2677037.1)
Last updated on JUNE 16, 2021
Applies to:
Oracle Banking Digital Experience - Version 18.3.0.0.0 and later
Information in this document applies to any platform.
Goal
How To Make The JSESSIONID Cookie Secure As Defense Against Vulnerability Issue?
This cookie does not have the Secure flag set. When a cookie is set with the Secure flag, it instructs the browser to send the cookie only over secure SSL/TLS channels. This is an important security protection for session cookies.
Vulnerable systems:
· https://IP:PORT/digx/j_security_check
cookie: JSESSIONID=
Is it possible to set the Secure flag for this cookie?
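One way to check for the condition described above is to parse the Set-Cookie response headers and report any JSESSIONID cookie issued without the Secure attribute. This is an added example, not code from Oracle or from this document; the function names, sample header values and cookie paths are constructed for illustration.

```python
# Added example: find session cookies that are issued without the Secure flag.
# Attributes are parsed individually because a substring search for "secure"
# would be fooled by a value such as "Path=/digx/secure".

def parse_set_cookie(header_value):
    """Split one Set-Cookie header value into (name, value, attributes)."""
    parts = [p.strip() for p in header_value.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue  # tolerate a trailing ';'
        key, _, val = part.partition("=")
        # Attribute names are case-insensitive, so normalise them.
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), value, attrs


def missing_secure(set_cookie_headers, cookie_name="JSESSIONID"):
    """Return the headers that set cookie_name without the Secure attribute."""
    flagged = []
    for raw in set_cookie_headers:
        name, _, attrs = parse_set_cookie(raw)
        if name == cookie_name and "secure" not in attrs:
            flagged.append(raw)
    return flagged


# Constructed sample headers (not captured from a real system).
SAMPLE_HEADERS = [
    "JSESSIONID=CONSTRUCTED-ID-1; Path=/digx; HttpOnly",         # no Secure flag
    "JSESSIONID=CONSTRUCTED-ID-2; path=/digx/secure; HttpOnly",  # 'secure' only in the path
    "JSESSIONID=CONSTRUCTED-ID-3; Path=/digx; secure; HttpOnly", # Secure flag, lower case
    "lang=en; Path=/",                                           # different cookie, ignored
]

if __name__ == "__main__":
    for header in missing_secure(SAMPLE_HEADERS):
        print("Secure flag missing:", header)
```
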
Solution