1. Security Guide
  2. Installing and configuring the Oracle Empirica Signal software
  3. Turn on the HttpOnly flag for session cookies within Oracle WebLogic Server for the Oracle Empirica Signal software

Turn on the HttpOnly flag for session cookies within Oracle WebLogic Server for the Oracle Empirica Signal software

Using the HttpOnly flag when generating a cookie helps mitigate the risk of a client-side script accessing the protected cookie.

Perform these steps on the application server.

To turn on the HttpOnly flag for session cookies:

  1. Navigate to the <INSTALL_DIR>/Signal/WEB-INF directory.
  2. Open the weblogic.xml file, and locate the <session-descriptor> section.
  3. If the section does not contain the following element, add the element:
    <wls:cookie-http-only>true</wls:cookie-http-only>

Parent topic: Installing and configuring the Oracle Empirica Signal software