1. HTML Server on Oracle WebLogic Server Reference Guide for Unix
  2. Set Secure Cookie in SSL/HTTPS (Optional)

Set Secure Cookie in SSL/HTTPS (Optional)

Note: If you plan to implement HTTP Strict Transport Security, refer to this Oracle document: Command Reference for Oracle WebLogic Server 14c in the section entitled: HTTP Strict Transport Security.

By default code to enable a secure cookies in SSL or HTTPS is commented out because the majority of time users are running JD Edwards EnterpriseOne using HTTP. However, if you want to run vulnerability test in tools like WebInspect you must use this procedure to enable SSL protocol.

Caution: This section of code is only required when SSL protocol is enabled.

  1. Open the following file:

    <jde_home>\SCFHA\targets\E1One_Server\owl_deployment\webclient.ear\app\webclient.war\WEB-INF\weblogic.xml

  2. Enable the following lines by remove the comment lines:

    <!--
<session-descriptor>
<cookie-secure>true</cookie-secure >
</session-descriptor>
-->

  3. Save the weblogic.xml file.