Securing Cookies

Oracle Enterprise Performance Management System web applications set a cookie to track the session. When setting a cookie, especially a session cookie, the server can set the secure flag, which tells the browser to send the cookie only over a secure channel. This behavior reduces the risk of session hijacking.

Note:

Secure cookies only if EPM System products are deployed in an SSL-enabled environment.

Modify the Oracle WebLogic Server session descriptor to secure WebLogic Server cookies. Set the value of the cookieSecure attribute in the session-param element to true. See "Securing Web Applications" in Oracle Fusion Middleware Programming Security for Oracle WebLogic Server 11g.
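
One way to confirm the setting after editing the descriptor is to parse each deployed weblogic.xml and report whether the session descriptor marks the cookie secure. This is an added example, not Oracle code; the function name and the sample descriptors are constructed, and it accepts both the session-param form described above and the cookie-secure child element that WebLogic descriptor schemas also use.

```python
import xml.etree.ElementTree as ET

def _local(tag):
    """Strip an XML namespace prefix from a tag name."""
    return tag.rsplit("}", 1)[-1]

def cookie_secure_enabled(weblogic_xml):
    """True only if the session descriptor marks the session cookie secure."""
    root = ET.fromstring(weblogic_xml)
    for desc in root.iter():
        if _local(desc.tag) != "session-descriptor":
            continue
        for child in desc:
            name = _local(child.tag)
            # Child-element form: <cookie-secure>true</cookie-secure>
            if name == "cookie-secure":
                return (child.text or "").strip().lower() == "true"
            # session-param form: param-name CookieSecure, param-value true
            if name == "session-param":
                fields = {_local(e.tag): (e.text or "").strip() for e in child}
                if fields.get("param-name", "").lower() == "cookiesecure":
                    return fields.get("param-value", "").lower() == "true"
    return False  # setting absent: cookie is not restricted to HTTPS

# Constructed sample descriptors (not taken from an EPM System install).
SAMPLE_ELEMENT = """<weblogic-web-app xmlns="http://xmlns.oracle.com/weblogic/weblogic-web-app">
  <session-descriptor>
    <cookie-secure>true</cookie-secure>
  </session-descriptor>
</weblogic-web-app>"""

SAMPLE_PARAM = """<weblogic-web-app>
  <session-descriptor>
    <session-param>
      <param-name>CookieSecure</param-name>
      <param-value>true</param-value>
    </session-param>
  </session-descriptor>
</weblogic-web-app>"""

SAMPLE_MISSING = """<weblogic-web-app>
  <session-descriptor><timeout-secs>3600</timeout-secs></session-descriptor>
</weblogic-web-app>"""

if __name__ == "__main__":
    for label, doc in [("element", SAMPLE_ELEMENT), ("param", SAMPLE_PARAM), ("missing", SAMPLE_MISSING)]:
        print(label, "secure" if cookie_secure_enabled(doc) else "NOT secure")
```

A descriptor that omits the setting is reported as not secure, so the same check catches applications that were never edited.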