IBM Support

Configuring the HTTPOnly attribute in WebSphere 8.5.5

Technical Blog Post


Configuring the HTTPOnly attribute in WebSphere 8.5.5


I guess some of you have already ran into some issues where you are cannot do Direct Print because you're getting "Invalid request. The request must only come from maximo session" error. This technote "Unable to Direct Print - Invalid Request Error" will help you to resolve the issue. However, it only talks about WebLogic. If you are using WebSphere, you can configure the attribute through WebSphere console.


  1. Log in to the administrative console for WebSphere.
  2. From the navigation panel, go to Servers > Server Types > WebSphere application servers.
  3. Click the JVM server you want to modify, for example MXServer.
  4. Under Container Settings, click Session management.

  5. Click Enable cookies. Please ensure that you keep the check box marked.

  6. Uncheck the Set session cookies to HTTPOnly to help prevent cross-site scripting attacks.

  7. Save the changes and restart the application server.

[{"Business Unit":{"code":"BU055","label":"Cognitive Applications"},"Product":{"code":"SSLKT6","label":"IBM Maximo Asset Management"},"Component":"","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"","Edition":"","Line of Business":{"code":"LOB02","label":"AI Applications"}}]