EPM System web application sets a cookie to track the session. While setting a cookie, especially a session cookie, the server can set the secure flag, which forces the browser to send the cookie over a secure channel. This behavior reduces the risk of session hijacking.
Note: | Secure cookies only if EPM System products are deployed in an SSL-enabled environment. |
Modify the WebLogic Server session descriptor to secure WebLogic Server cookies. Set the value of cookieSecure attribute in the session-param element to true. See http://e-docs.bea.com/wls/docs92/webapp/weblogic_xml.html for detailed information.