Enabling Secure Cookies

The cookie-secure flag tells the Web browser to only send the cookie back over an HTTPS connection.

This ensures that the cookie is transmitted only on a secure channel. HTTPS must be enabled for the URL exposed by the application.

To enable the cookie-secure flag, you must update the weblogic.xml within the xmlpserver.war file (within the xmlpserver.ear) as follows:

  1. Locate the xmlpserver.ear file under ORACLE_HOME/bifoundation/jee/

  2. Unpack the xmlpserver.ear file.

  3. Unpack the xmlpserver.war file.

  4. Back up the WEB-INF/weblogic.xml file.

  5. Open the WEB-INF/weblogic.xml file.

  6. Add the following elements to the <wls:session-descriptor> element:

       <wls:cookie-secure>true</wls:cookie-secure>
       <wls:url-rewriting-enabled>false</wls:url-rewriting-enabled>
    

    Example:

    <?xml version = '1.0' encoding = 'US-ASCII'?>
    <wls:weblogic-web-app
    xmlns:wls="http://xmlns.oracle.com/weblogic/weblogic-web-app"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
    http://java.sun.com/xml/ns/javaee/ejb-jar_3_0.xsd
    http://xmlns.oracle.com/weblogic/weblogic-web-app
    http://xmlns.oracle.com/weblogic/weblogic-web-app/1.2/weblogic-web-app.xsd">
      <wls:session-descriptor>
       <wls:cookie-path>/xmlpserver</wls:cookie-path>
       <wls:cookie-secure>true</wls:cookie-secure>
       <wls:url-rewriting-enabled>false</wls:url-rewriting-enabled>
      </wls:session-descriptor>
      <wls:context-root>xmlpserver</wls:context-root>
      <wls:library-ref>
    ... 
    
  7. Repack the xmlpserver.war file.

  8. Repack the xmlpserver.ear file.

  9. Go to your WebLogic Server console and update the bipublisher deployment.
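
A check to run on the repacked xmlpserver.ear before step 9, confirming that both settings from step 6 are actually present in the nested weblogic.xml. This is an added example, not Oracle's code; the function names and the in-memory sample archive are constructed for illustration, and the WAR is located by file name because its path inside the EAR is an assumption.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

WLS_NS = "http://xmlns.oracle.com/weblogic/weblogic-web-app"
# The two settings step 6 adds to <wls:session-descriptor>.
REQUIRED = {"cookie-secure": "true", "url-rewriting-enabled": "false"}

def session_settings(ear_bytes, war_name="xmlpserver.war"):
    """Return {element: text} from <wls:session-descriptor> in the WAR's weblogic.xml."""
    with zipfile.ZipFile(io.BytesIO(ear_bytes)) as ear:
        # Assumption: match the WAR by file name, wherever it sits in the EAR.
        entry = next((n for n in ear.namelist() if n.split("/")[-1] == war_name), None)
        if entry is None:
            raise FileNotFoundError(war_name + " not found in EAR")
        with zipfile.ZipFile(io.BytesIO(ear.read(entry))) as war:
            root = ET.fromstring(war.read("WEB-INF/weblogic.xml"))
    descriptor = root.find("{%s}session-descriptor" % WLS_NS)
    if descriptor is None:
        return {}
    return {c.tag.split("}")[-1]: (c.text or "").strip() for c in descriptor}

def missing_settings(ear_bytes):
    """List required settings that are absent or carry the wrong value."""
    found = session_settings(ear_bytes)
    return [k for k, want in REQUIRED.items() if found.get(k, "").lower() != want]

def build_sample_ear(descriptor_xml):
    """Constructed sample: a minimal EAR holding a WAR holding weblogic.xml."""
    doc = ('<?xml version="1.0" encoding="US-ASCII"?>'
           '<wls:weblogic-web-app xmlns:wls="' + WLS_NS + '">'
           '<wls:session-descriptor>' + descriptor_xml + '</wls:session-descriptor>'
           '<wls:context-root>xmlpserver</wls:context-root>'
           '</wls:weblogic-web-app>')
    war_buf, ear_buf = io.BytesIO(), io.BytesIO()
    with zipfile.ZipFile(war_buf, "w") as war:
        war.writestr("WEB-INF/weblogic.xml", doc)
    with zipfile.ZipFile(ear_buf, "w") as ear:
        ear.writestr("xmlpserver.war", war_buf.getvalue())
    return ear_buf.getvalue()

if __name__ == "__main__":
    path = "<wls:cookie-path>/xmlpserver</wls:cookie-path>"
    fixed = (path + "<wls:cookie-secure>true</wls:cookie-secure>"
             "<wls:url-rewriting-enabled>false</wls:url-rewriting-enabled>")
    print("before edit:", missing_settings(build_sample_ear(path)))
    print("after edit: ", missing_settings(build_sample_ear(fixed)))
```

To check a real archive, pass its bytes: missing_settings(open("xmlpserver.ear", "rb").read()) returns an empty list when both settings are in place.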