Configure your application server to use Secure Sockets Layer (SSL) connections. SSL authenticates the server to clients that connect to it and encrypts the data that they exchange. In particular, make sure that connections to internal administration interfaces such as the Dynamo Server Admin application, the Oracle ATG Web Commerce Business Control Center, and the ATG Control Center use SSL.

SSL authentication helps to prevent session hijacking. Do not allow your Web application to transmit or receive unencrypted session identifiers. Unauthorized users can reuse session identifiers to gain access to your Web application while an authorized user is logged in. Unauthorized users cannot read session identifiers that are encrypted by SSL.

See instructions for configuring SSL in the documentation for your Java application server. The application server controls SSL for connections to your Oracle ATG Web Commerce application.
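
As an added illustration (not taken from Oracle's documentation), the following standard Servlet 3.0 deployment descriptor shows how a Java web application can require SSL for its pages and keep the session identifier off unencrypted connections. The resource name and URL pattern are placeholders, and setting up the SSL listener and certificate remains specific to your application server.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Added example: WEB-INF/web.xml fragment using standard Servlet 3.0 elements.
     The resource name and url-pattern are placeholders, not ATG-specific values. -->
<web-app xmlns="http://java.sun.com/xml/ns/javaee"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
                             http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
         version="3.0">

  <!-- Require an SSL-protected connection for every matching request.
       With CONFIDENTIAL, the container does not serve these URLs over
       plain HTTP (most containers redirect to the SSL port instead). -->
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>all-pages-placeholder</web-resource-name>
      <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>

  <session-config>
    <cookie-config>
      <!-- Secure: the browser sends the session cookie only over SSL,
           so the identifier is never transmitted unencrypted. -->
      <secure>true</secure>
      <!-- HttpOnly: page scripts cannot read the session cookie. -->
      <http-only>true</http-only>
    </cookie-config>
    <!-- Track sessions by cookie only, so the identifier is not written
         into URLs, where it would appear in logs and Referer headers. -->
    <tracking-mode>COOKIE</tracking-mode>
  </session-config>

</web-app>
```

The weak counterpart is a descriptor with a transport-guarantee of NONE (or no user-data-constraint at all) and no secure cookie setting, which lets the session identifier travel over plain HTTP.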


Copyright © 1997, 2014 Oracle and/or its affiliates. All rights reserved.