The cookie-secure flag tells the Web browser to only send the cookie back over an HTTPS connection.
This ensures that the cookie is transmitted only on a secure channel. HTTPS must be enabled for the URL exposed by the application.
To enable the cookie-secure flag, you must update the weblogic.xml
within the xmlpserver.war
file (within the xmlpserver.ear
) as follows:
Locate the xmlpserver.ear
file under ORACLE_HOME/bifoundation/jee/
Unpack the xmlpserver.ear
file.
Unpack the xmlpserver.war
file.
Back up the WEB-INF/weblogic.xml
file.
Open the WEB-INF/weblogic.xml
file.
Add the following attributes to the <wls:session-descriptor>
:
<wls:cookie-secure>true</wls:cookie-secure> <wls:url-rewriting-enabled>false</wls:url-rewriting-enabled>
Example:
<?xml version = '1.0' encoding = 'US-ASCII'?> <wls:weblogic-web-app xmlns:wls="http://xmlns.oracle.com/weblogic/weblogic-web-app" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/ejb-jar_3_0.xsd http://xmlns.oracle.com/weblogic/weblogic-web-app http://xmlns.oracle.com/weblogic/weblogic-web-app/1.2/weblogic-web-app.xsd"> <wls:session-descriptor> <wls:cookie-path>/xmlpserver</wls:cookie-path> <wls:cookie-secure>true</wls:cookie-secure> <wls:url-rewriting-enabled>false</wls:url-rewriting-enabled> </wls:session-descriptor> <wls:context-root>xmlpserver</wls:context-root> <wls:library-ref> ...
Repack the xmlpserver.war
file.
Repack the xmlpserver.ear
file.
Go to your WebLogic Server console and update the bipublisher deployment.