1. Server Manager Guide
  2. Setting the HttpOnly and secure attributes for the SMCONSOLE_SSID cookie (Tools release 9.2.4.3)

Setting the HttpOnly and secure attributes for the SMCONSOLE_SSID cookie (Tools release 9.2.4.3)

After you update the Server Manager Console to 9.2.4.3, perform the steps in the following sections to set the HttpOnly and secure attributes for the SMCONSOLE_SSID cookie.

Server Manager Console on Weblogic Server

Note:

These steps are applicable only if you are using the Server Manager Console installed on WebLogic and is accessed over HTTPS or /SSL.

  1. Stop the Server Manager Console.

  2. Update the weblogic.xml file and uncomment the following lines:

    <wls:cookie-secure>true</wls:cookie-secure><wls:cookie-http-only>true</wls:cookie-http-only>

  3. Start the Server Manager Console.

  4. After the Server Manager Console starts up, log in to the Server Manager Console over HTTPS or SSL to complete the configuration.

  5. To confirm that the HttpOnly and secure attributes are set for the SMCONSOLE_SSID cookie, use the Browser Debugging tool and ensure that the attributes of this cookie are the same as the attributes shown in the following screenshot:

    This image is described in surrounding text.

    This completes the configuration.

Server Manager Console on the WebSphere Server

Note:

These steps are applicable only if you are using the Server Manager Console installed on WebSphere and is accessed over HTTPS or /SSL.

  1. Log in to the WebSphere Admin Console profile in which the Server Manager Console is installed.

    This image is described in surrounding text.

  2. Navigate to the J2EE container in which the Server Manager Console is running.

    This image is described in surrounding text.

  3. In the Container Settings section, click the Session Management link.

    This image is described in surrounding text.

  4. In the General Properties section, select the Enable Cookies option.

    This image is described in surrounding text.

  5. Verify that the settings are configured as illustrated in the following screenshot:

    This image is described in surrounding text.

  6. Navigate back to the J2EE container in which the Server Manager Console is running and expand the Ports option and note down the port number for the WC_defaulthost_secure name.

    This image is described in surrounding text.

    This completes the configuration.

  7. Navigate to Virtual Hosts, select default_host, add the port number that you noted in Step 6 for WC_defaulthost_secure, and click Save.

    This image is described in surrounding text.

  8. Restart the Server Manager Console and access the console over the WC_defaulthost_secure port.

  9. To confirm that the HttpOnly and secure attributes are set for the SMCONSOLE_SSID cookie, use the Browser Debugging tool and ensure that the attributes of this cookie are as same as the attributes shown in the following screenshot:

    This image is described in surrounding text.