Turn on the HttpOnly, Secure, and SameSite flags for session cookies within Oracle WebLogic Server for the Oracle Empirica Signal software

Setting the HttpOnly, Secure, and SameSite flags when a cookie is generated helps mitigate the risk of a client-side script reading the protected cookie and of the cookie being tampered with in transit.

Perform these steps on the application server.

To turn on the HttpOnly, Secure, and SameSite flags for session cookies:

  1. Navigate to the <INSTALL_DIR>/Signal/WEB-INF directory.
  2. Open the weblogic.xml file, and locate the <session-descriptor> section.
  3. If the section does not contain the following elements, add them:
    • <wls:cookie-http-only>true</wls:cookie-http-only>
    • <wls:cookie-secure>true</wls:cookie-secure>
  4. The SameSite attribute is optional. However, if the attribute is present in <wls:cookie-path>, Oracle recommends setting it to at least LAX, which is the default value. For example:

    <wls:cookie-path>/;SameSite=LAX</wls:cookie-path>
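As an added check, not part of the Oracle documentation or the Empirica Signal product, the following Python script audits the <session-descriptor> section of a weblogic.xml for the three settings described above. The sample document is constructed inline; the checker matches on local element names so it does not depend on the wls namespace prefix.

```python
import xml.etree.ElementTree as ET

# Constructed sample weblogic.xml fragment that satisfies the procedure above.
SAMPLE_WEBLOGIC_XML = """<wls:weblogic-web-app
    xmlns:wls="http://xmlns.oracle.com/weblogic/weblogic-web-app">
  <wls:session-descriptor>
    <wls:cookie-http-only>true</wls:cookie-http-only>
    <wls:cookie-secure>true</wls:cookie-secure>
    <wls:cookie-path>/;SameSite=LAX</wls:cookie-path>
  </wls:session-descriptor>
</wls:weblogic-web-app>
"""


def _local(tag):
    """Return an element name without its {namespace} prefix."""
    return tag.rsplit("}", 1)[-1]


def _child_text(parent, name):
    """Return the stripped text of the first child named `name`, or None."""
    for child in parent:
        if _local(child.tag) == name:
            return (child.text or "").strip()
    return None


def audit_session_cookie_flags(xml_text):
    """Return a list of findings; an empty list means the descriptor passes."""
    root = ET.fromstring(xml_text)
    descriptor = next((e for e in root.iter() if _local(e.tag) == "session-descriptor"), None)
    if descriptor is None:
        return ["no <session-descriptor> section found"]
    findings = []
    # Both flags must be present and set to true.
    for element in ("cookie-http-only", "cookie-secure"):
        value = _child_text(descriptor, element)
        if value is None:
            findings.append(f"<wls:{element}> is missing")
        elif value.lower() != "true":
            findings.append(f"<wls:{element}> is {value!r}, expected true")
    # SameSite is optional, but if appended to cookie-path ("/;SameSite=LAX")
    # it should be LAX or STRICT, never None.
    path = _child_text(descriptor, "cookie-path")
    if path is not None:
        attrs = {}
        for part in path.split(";")[1:]:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()
        if "samesite" in attrs and attrs["samesite"].upper() not in ("LAX", "STRICT"):
            findings.append(f"SameSite is {attrs['samesite']!r}; use at least LAX")
    return findings
```

Run it against the real file with `audit_session_cookie_flags(open("weblogic.xml").read())` after editing; any non-empty result lists what still needs changing.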