Setting the HTTP session cookie to secure mode

Resolving The Problem

To limit the HTTP Session (JSESSIONID_ibm_console_port-number) cookie to communicate using the HTTPS protocol only, edit the defaultCookieSettings entry in deployment.xml:

1. In a text editor, open the following file:
   TIPHOME\profiles\TIPProfile\config\cells\TIPCell\applications\isc.ear\deployments\isc\deployment.xml
2. Locate the defaultCookieSettings entry, for example:
   <defaultCookieSettings xmi:id="Cookie_1305915269500" name="JSESSIONID_ibm_console_16310" domain="" maximumAge="-1" secure="false"/>
3. Set the secure attribute setting to true, so that the entry reads similar to the following:
   <defaultCookieSettings xmi:id="Cookie_1305915269500" name="JSESSIONID_ibm_console_16310" domain="" maximumAge="-1" secure="true"/>
4. Save your changes.
5. In the Tivoli Integrated Portal navigation pane, click Settings > WebSphere Admin Console.
6. Click Launch WebSphere Admin Console to start the WebSphere Application Server console.
7. In the WebSphere Application Server console navigation pane, click Security > Global security.
8. In the Authentication area of the Global security page, click the SSO link.
9. Check the Requires SSL checkbox.
10. In the Messages area at the top of the Global security page, click the Save link and log out of the WebSphere Application Server console.
11. Restart the Tivoli Integrated Portal server.