How to set session cookie http-only in weblogic version 8

Question

Is cookieHttpOnly available in Weblogic 8.x ?? I need to set the session cookies to HTTP only for security reasons and unable to find anything in the weblogic.xml deployment descriptor.

http://docs.oracle.com/cd/E13222_01/wls/docs81/webapp/weblogic_xml.html

Please help!

score 0 · Answer 1 · edited Apr 01 '14 at 06:03

0

httpOnly cookie attribute is available from weblogic 9.2 onwards.

But there is a work around to this, check: https://www.owasp.org/index.php/HTTPOnly

For 9.2 see Weblogic descriptor elements for 9.2

edited Apr 01 '14 at 06:03

joao

4,067
3
33
37

answered Apr 01 '14 at 05:36

user3483727

1

How to set session cookie http-only in weblogic version 8

1 Answers1