Enable Secure Cookies
The cookie-secure flag tells the Web browser to only send the cookie back over an HTTPS connection.
This ensures that the cookie is transmitted only on a secure channel. HTTPS must be enabled for the URL exposed by the application.
To enable the cookie-secure flag, you update the weblogic.xml
within the xmlpserver.war
file (within the
xmlpserver.ear
).
-
Locate the
xmlpserver.ear
file underORACLE_HOME/bifoundation/jee/
-
Unpack the
xmlpserver.ear
file. -
Unpack the
xmlpserver.war
file. -
Back up the
WEB-INF/weblogic.xml
file. -
Open the
WEB-INF/weblogic.xml
file. -
Add the following attributes to the
<wls:session-descriptor>
:<wls:cookie-secure>true</wls:cookie-secure> <wls:url-rewriting-enabled>false</wls:url-rewriting-enabled>
Example:
<?xml version = '1.0' encoding = 'US-ASCII'?> <wls:weblogic-web-app xmlns:wls="http://xmlns.oracle.com/weblogic/weblogic-web-app" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/ejb-jar_3_0.xsd http://xmlns.oracle.com/weblogic/weblogic-web-app http://xmlns.oracle.com/weblogic/weblogic-web-app/1.2/weblogic-web-app.xsd"> <wls:session-descriptor> <wls:cookie-path>/xmlpserver</wls:cookie-path> <wls:cookie-secure>true</wls:cookie-secure> <wls:url-rewriting-enabled>false</wls:url-rewriting-enabled> </wls:session-descriptor> <wls:context-root>xmlpserver</wls:context-root> <wls:library-ref> ...
-
Repack the
xmlpserver.war
file. -
Repack the
xmlpserver.ear
file. -
Go to your WebLogic Server console and update the bipublisher deployment.