
How To Make The JSESSIONID Cookie Secure As Defense Against Vulnerability Issue? (Doc ID 2677037.1)

Last updated on JUNE 09, 2020

Applies to:

Oracle Banking Digital Experience - Version 18.3.0.0.0 and later
Information in this document applies to any platform.

Goal


How To Make The JSESSIONID Cookie Secure As Defense Against Vulnerability Issue?


The JSESSIONID cookie does not have the Secure flag set. When a cookie is set with the Secure flag, the browser is instructed to send it only over secure SSL/TLS channels. This is an important security protection for session cookies.
 
Vulnerable systems:
· https://IP:PORT/digx/j_security_check
cookie: JSESSIONID=

Is it possible to set the Secure flag for this cookie?
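
A check for the finding described above, as an added example that is not part of the Oracle document: it parses Set-Cookie response headers and reports every JSESSIONID cookie issued without the Secure attribute. The header values and the /digx cookie path are constructed for illustration, and the function names are hypothetical.

```python
"""Audit Set-Cookie headers for a session cookie issued without Secure."""


def parse_set_cookie(value):
    """Split one Set-Cookie value into (cookie name, attributes dict)."""
    first, *rest = [part.strip() for part in value.split(";")]
    name = first.partition("=")[0].strip()
    attrs = {}
    for part in rest:
        if part:
            key, _, val = part.partition("=")
            # Attribute names are case-insensitive (Secure, SECURE, secure).
            attrs[key.strip().lower()] = val.strip()
    return name, attrs


def cookies_missing_secure(headers, cookie_name="JSESSIONID"):
    """Return the Set-Cookie values that set cookie_name without Secure."""
    flagged = []
    for header, value in headers:
        if header.lower() != "set-cookie":
            continue
        name, attrs = parse_set_cookie(value)
        # Match on the parsed attribute, not a substring search: the word
        # "secure" can also appear inside a path or a cookie value.
        if name == cookie_name and "secure" not in attrs:
            flagged.append(value)
    return flagged


# Constructed response headers (not captured from a real system).
SAMPLE_HEADERS = [
    ("Content-Type", "text/html"),
    ("Set-Cookie", "JSESSIONID=constructed-1; path=/digx; HttpOnly"),
    ("Set-Cookie", "JSESSIONID=constructed-2; Path=/digx/secure; HttpOnly"),
    ("Set-Cookie", "JSESSIONID=constructed-3; Path=/digx; SECURE; HttpOnly"),
    ("Set-Cookie", "theme=secure; Path=/"),
]

if __name__ == "__main__":
    for value in cookies_missing_secure(SAMPLE_HEADERS):
        print("Secure flag missing:", value)
```

The second sample header is the case a plain substring search gets wrong: its path contains the word "secure" although the attribute itself is absent.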
 

Solution
