IBM Support

Setting the HttpOnly and Secure flags in Oracle WebLogic 12c

Question & Answer


Question

How do we set the HttpOnly and Secure flags in Oracle WebLogic 12c to secure IBM Atlas?

Cause

To prevent session hijacking and to secure the session cookie.

Answer

Perform the following steps:

1. Undeploy any existing PolicyAtlas deployments using the Oracle WebLogic console.

2. Open the PolicyAtlas.ear file using a tool like 7zip or similar and update the weblogic.xml file with the changes below:


<wls:session-descriptor>
    <wls:cookie-secure>true</wls:cookie-secure>
    <wls:cookie-http-only>true</wls:cookie-http-only>
    <wls:url-rewriting-enabled>false</wls:url-rewriting-enabled>
</wls:session-descriptor>

3. Save the changes by updating the ear file.

4. Redeploy the updated ear file using the Oracle WebLogic console.
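
A way to confirm the result of step 3 before redeploying, as an added example that is not part of the IBM document: this Python script opens the ear file, finds each weblogic.xml (directly or inside a nested WAR, which is an assumption about the archive layout) and reports any of the three settings that is missing or wrong. The sample archive, the name atlas.war and the namespace URI are constructed for illustration.

```python
import io
import sys
import zipfile
import xml.etree.ElementTree as ET

# Settings the article places inside <wls:session-descriptor>.
REQUIRED = {
    "cookie-secure": "true",
    "cookie-http-only": "true",
    "url-rewriting-enabled": "false",
}

def check_descriptor(xml_bytes):
    """Return {setting: problem} for required values that are missing or wrong.
    Local names are compared, so any namespace prefix is accepted."""
    found = {}
    for elem in ET.fromstring(xml_bytes).iter():
        if elem.tag.rsplit("}", 1)[-1] == "session-descriptor":
            for child in elem:
                found[child.tag.rsplit("}", 1)[-1]] = (child.text or "").strip().lower()
    return {k: f"expected {v}, found {found.get(k, 'nothing')}"
            for k, v in REQUIRED.items() if found.get(k) != v}

def audit_archive(data, path=""):
    """Walk an EAR/WAR held in memory; map each weblogic.xml path to its problems."""
    report = {}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for name in zf.namelist():
            if name.lower().endswith(".war"):
                report.update(audit_archive(zf.read(name), path + name + "!/"))
            elif name.endswith("WEB-INF/weblogic.xml"):
                report[path + name] = check_descriptor(zf.read(name))
    return report

def build_sample_ear(descriptor_body):
    """Constructed sample: an EAR holding one WAR (atlas.war is a made-up name)."""
    xml = ('<wls:weblogic-web-app xmlns:wls="urn:example:constructed">'
           f"<wls:session-descriptor>{descriptor_body}</wls:session-descriptor>"
           "</wls:weblogic-web-app>")
    war, ear = io.BytesIO(), io.BytesIO()
    with zipfile.ZipFile(war, "w") as zf:
        zf.writestr("WEB-INF/weblogic.xml", xml)
    with zipfile.ZipFile(ear, "w") as zf:
        zf.writestr("atlas.war", war.getvalue())
    return ear.getvalue()

if __name__ == "__main__":
    # Usage: python check_ear.py PolicyAtlas.ear (audits the sample if no path is given)
    data = open(sys.argv[1], "rb").read() if sys.argv[1:] else build_sample_ear("")
    for location, problems in audit_archive(data).items():
        print(location, problems or "OK")
```

An empty report means no weblogic.xml was found in the archive, not that the settings are correct.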

Product: Atlas eDiscovery Process Management
Business Unit: IBM Software w/o TPS
Component: Administration
Platform: Linux, Solaris, Windows
Version: 6.0.3.2; 6.0.3
Edition: All Editions
Line of Business: Data and AI

Document Information

Modified date:
17 June 2018

UID

swg21696267