&#xfeff;<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="EN" xmlns="http://www.w3.org/1999/xhtml" xml:lang="EN">
<head>
<title> Turn on the HttpOnly flag for session cookies within Oracle WebLogic Server for the Empirica Signal software </title>
<meta name="Generator" content="Author-it" />
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/>
<meta name="Keywords" content=""/>
<script language="javascript" type="text/javascript" charset="UTF-8" src="dhtml_toc.js"></script>
<script language="javascript" type="text/javascript" charset="UTF-8" src="open_parent.js"></script>
<script language="javascript" type="text/javascript" charset="UTF-8" src="dhtml_load.js"></script>
<script language="javascript" type="text/javascript" charset="UTF-8" src="dhtml_search.js"></script>
<link rel="stylesheet" type="text/css" href="newwave.css"/>
<link rel="stylesheet" type="text/css" href="index_stylesheet.css"/>
<base target="CONTENT"/>
<script>window.ohcglobal || document.write('<script src="/en/dcommon/js/global.js">\x3C/script>')</script></head>
<body onload="loadParent();;bodyLoad();;;if (isTOCLoaded()) {expand('201670');expand('201682');highlight('204952')}" text="#000000" link="#0000A0" alink="#008000" vlink="#FF0000">
	<div id="searchResultsNone"></div>
	<div id="content" style="padding-bottom: 50px;">
		<table summary="" class="relatedtopics aboveheading" cellpadding="0" cellspacing="0" border="0">
<tr valign="top">
<td width= "18">
<p class="bodytext"><a href="201664.htm" target="_self"><img width="34" height="34" src="125.gif" alt="Previous Topic" vspace="0" hspace="0" align="bottom" border="0" /></a></p></td>
<td width= "18">
<p class="bodytext"><a href="201665.htm" target="_self"><img width="33" height="34" src="124.gif" alt="Next Topic" vspace="0" hspace="0" align="bottom" border="0" /></a></p></td>
<td width= "48">
<p class="bodytext"><a href="javascript:expand('201670');expand('201682');highlight('204952')" onclick="loadTOC()" target="_self"><img width="165" height="27" src="122.gif" alt="Book Contents" vspace="0" hspace="0" align="bottom" border="0" /></a></p></td>
</tr>
</table>
<h3 class="heading3">Turn on the HttpOnly flag for session cookies within Oracle WebLogic Server for the Empirica Signal software</h3>
<p class="bodytext">Using the HttpOnly flag when generating a cookie helps mitigate the risk of a client-side script accessing the protected cookie. </p>
<p class="bodytext">Perform these steps on the application server. </p>
<p class="bodytext">To turn on the HttpOnly flag for session cookies:</p>
<ol class="listnumber"><li class="listnumber">Navigate to the <strong class="specialbold"><strong class="specialbold">&lt;INSTALL_DIR&gt;/Signal/WEB-INF</strong></strong> directory.</li><li class="listnumber">Open the <strong class="specialbold"><strong class="specialbold">weblogic.xml</strong></strong> file, and locate the &lt;session-descriptor&gt; section.</li><li class="listnumber">If the section does not contain the following element, add the element:<p class="commandtext2indent">&lt;wls:cookie-http-only&gt;true&lt;/wls:cookie-http-only&gt;</p>
<p class="commandtext2indent"></p>
<p class="listnote"><strong class="specialbold">Note:</strong> When the element is set to <strong class="specialbold"><strong class="specialbold">true</strong></strong>, users must use Microsoft Internet Explorer 10 or 11 and Java 8 or later to run DataMontage patient profiles as applets. Users running older releases should deselect the <strong class="specialbold"><strong class="specialbold">Run DataMontage as applet</strong></strong> user preference.</p>
</li></ol>

		
	</div>
	<div id="feedback"><a href="mailto:empirica_doc_feedback_grp@oracle.com?Subject=Comments about the Empirica Signal 8.1.1 Secure Configuration Guide - Turn on the HttpOnly flag for session cookies within Oracle WebLogic Server for the Empirica Signal software" target="_top"><img width="24" height="108" src="feedback.gif" alt="Send Feedback"></a>
	</div>
	
	<div id="foot">		
			<ul style="padding: 0;">
				<li class="footer" style="padding: 0 7px 0 0;"><a href="217485.htm">Access to Oracle Support</a></li>
				<li class="footer"><a href="http://www.oracle.com/pls/topic/lookup?ctx=acc&id=docacc" target="_blank">Accessibility</a></li>
				<li class="footer" style="border-right-style: none;"><a href="217488.htm">Legal Notices</a></li>
			</ul>
			<p style="font-size:12px;">Copyright &copy; 2002, 2018 Oracle and/or its affiliates. All rights reserved.</p>
	</div>
<noscript>
<p>Scripting on this page enhances content navigation, but does not change the content in any way.</p>
</noscript>
</body>
</html>
<footer>
</footer>
<noscript>
<p>Scripting on this page enhances content navigation, but does not change the content in any way.</p>
</noscript>
<script>$(document).foundation();</script>
</body>
</html>