Win a copy of Re-engineering Legacy Software this week in the Refactoring forum
or Docker in Action in the Cloud/Virtualization forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Need sample of weblogic.xml file for supporting HttpOnly

 
Abhishek Purwar
Ranch Hand
Posts: 63
Eclipse IDE Java Spring
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi Friends,

I need to use set HttpOnly flag for cookie _WL_AUTHCOOKIE_JSESSIONID. I am using weblogic server 10.0.0 and need a help in weblogic.xml for supporting setting HttpOnly flag for cookies.
Can someone provide me with sample weblogic.xml for weblogic server 10.0.0 so that HttpOnly flag will be supported?
Please provide your views as soon as possible.

Thanks.
 
Prasanth S Pillai
Ranch Hand
Posts: 39
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
<session-descriptor>
<cookie-http-only>true</cookie-http-only>
<cookie-secure>true</cookie-secure>
<cookie-rewriting-enabled>false</cookie-rewriting-enabled>
</session-descriptor>

The weblogic documentation says - httpOnly is enabled by default. I couldn't see that though.
Before deploying new changes to server, make sure that all the tmp folder are deleted & cache is cleared.
You may verify the HttpOnly flag from LIVE HTTP Headers addin plugin from Firefox.

prasanth
 
Vinodh Sa
Ranch Hand
Posts: 55
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
hi,

i have added the same entry in weblogic.xml.
But while deploying the same, its giving module exception, that some validation problems were found.
i m using weblogic server 9.2.
can you help with this ?

pasting below my weblogic.xml

 
German Gonzalez-Morris
Ranch Hand
Posts: 259
Eclipse IDE Firefox Browser Java
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Vinodh Sa wrote:hi,

i have added the same entry in weblogic.xml.
But while deploying the same, its giving module exception, that some validation problems were found.
i m using weblogic server 9.2.
can you help with this ?


support for HttpOnly session cookie is added to WLS 9.2 MP3 by applying a patch.
also it could be that you are using an older 9.2 version.
 
Prasanth S Pillai
Ranch Hand
Posts: 39
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
the easiest way to check the validity of any XML file is to open the XML in IE from a machine which is connected to internet. It will show whether the file is corrupted or not
 
German Gonzalez-Morris
Ranch Hand
Posts: 259
Eclipse IDE Firefox Browser Java
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
the validation problem must be because that tag is not in the schema for that version.
unless you apply the patch or use a newer weblogic version, the schema validation issue will persist.
 
Vinodh Sa
Ranch Hand
Posts: 55
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
hi all,

thanks for all your replies.

Gonzalez, as you pointed out, the problem is with the version of the weblogic server only.
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic