Securing Cookies
Oracle Enterprise Performance Management System web application set a cookie to track the session. While setting a cookie, especially a session cookie, the server can set the secure flag, which forces the browser to send the cookie over a secure channel. This behavior reduces the risk of session hijacking.
Note:
Secure cookies only if EPM System products are deployed in an SSL-enabled environment.
Modify the Oracle WebLogic Server session descriptor to secure WebLogic Server cookies. Set the value of cookieSecure
attribute in the session-param
element to true
. See Securing Web Applications in Oracle Fusion Middleware Programming Security for Oracle WebLogic Server 11g.