2.6.2 Configuration for WebLogic deployment descriptor
This topic describes the configuration for the WebLogic deployment descriptor.
Ensure the following configuration is present in weblogic.xml within the deployed application EAR:
- Cookies are set with HttpOnly as true
- Cookie secure flag is set to true
- Cookie path refers to the deployed application
    <wls:session-descriptor>
        <wls:cookie-http-only>true</wls:cookie-http-only>
    </wls:session-descriptor>
    <wls:session-descriptor>
        <wls:cookie-secure>true</wls:cookie-secure>
        <wls:url-rewriting-enabled>false</wls:url-rewriting-enabled>
    </wls:session-descriptor>
Always make sure cookies are set with the Auth Flag enabled by default for WebLogic Server.
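One way to verify these settings before deployment is to parse weblogic.xml and report any session-descriptor value that differs from the list above. This is an added example, not part of the product documentation: the function name `audit_weblogic_xml`, the sample descriptors and the `/sampleapp` context path are constructed, and treating a missing or `/` cookie path as "not scoped to the application" is an assumption about how to read the cookie path requirement.

```python
import xml.etree.ElementTree as ET

# Settings the page requires inside <session-descriptor>.
REQUIRED = {
    "cookie-http-only": "true",
    "cookie-secure": "true",
    "url-rewriting-enabled": "false",
}

def local(tag):
    """Strip the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]

def audit_weblogic_xml(xml_text):
    """Return a list of findings; an empty list means the descriptor complies."""
    root = ET.fromstring(xml_text)
    seen = {}
    # Merge every <session-descriptor> block (last value wins), any prefix.
    for elem in root.iter():
        if local(elem.tag) == "session-descriptor":
            for child in elem:
                seen[local(child.tag)] = (child.text or "").strip()
    findings = []
    for name, want in REQUIRED.items():
        got = seen.get(name)
        if got is None:
            findings.append(f"{name}: not set explicitly (expected {want})")
        elif got.lower() != want:
            findings.append(f"{name}: is {got!r} (expected {want})")
    path = seen.get("cookie-path")
    if not path or path == "/":  # assumption: "/" is not application-scoped
        findings.append("cookie-path: not scoped to the deployed application")
    return findings

# Constructed sample descriptors; /sampleapp is a placeholder context path.
NS = 'xmlns:wls="http://xmlns.oracle.com/weblogic/weblogic-web-app"'
GOOD = f"""<wls:weblogic-web-app {NS}>
  <wls:session-descriptor>
    <wls:cookie-http-only>true</wls:cookie-http-only>
    <wls:cookie-secure>true</wls:cookie-secure>
    <wls:cookie-path>/sampleapp</wls:cookie-path>
    <wls:url-rewriting-enabled>false</wls:url-rewriting-enabled>
  </wls:session-descriptor>
</wls:weblogic-web-app>"""
WEAK = GOOD.replace("<wls:cookie-secure>true", "<wls:cookie-secure>false") \
           .replace("    <wls:cookie-path>/sampleapp</wls:cookie-path>\n", "")

if __name__ == "__main__":
    for label, doc in (("GOOD", GOOD), ("WEAK", WEAK)):
        print(label, audit_weblogic_xml(doc) or "compliant")
```

Run it against the weblogic.xml extracted from the EAR as a build or release gate, failing the step when the returned list is not empty.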