File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
http://aspose.com/file-tools
The moose likes BEA/Weblogic and the fly likes Need sample of weblogic.xml file for supporting HttpOnly Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Products » BEA/Weblogic
Bookmark "Need sample of weblogic.xml file for supporting HttpOnly" Watch "Need sample of weblogic.xml file for supporting HttpOnly" New topic
Author

Need sample of weblogic.xml file for supporting HttpOnly

Abhishek Purwar
Ranch Hand

Joined: Dec 15, 2007
Posts: 63

Hi Friends,

I need to use set HttpOnly flag for cookie _WL_AUTHCOOKIE_JSESSIONID. I am using weblogic server 10.0.0 and need a help in weblogic.xml for supporting setting HttpOnly flag for cookies.
Can someone provide me with sample weblogic.xml for weblogic server 10.0.0 so that HttpOnly flag will be supported?
Please provide your views as soon as possible.

Thanks.


Abhishek Purwar,
Bangalore.
Prasanth S Pillai
Ranch Hand

Joined: Oct 28, 2009
Posts: 39
<session-descriptor>
<cookie-http-only>true</cookie-http-only>
<cookie-secure>true</cookie-secure>
<cookie-rewriting-enabled>false</cookie-rewriting-enabled>
</session-descriptor>

The weblogic documentation says - httpOnly is enabled by default. I couldn't see that though.
Before deploying new changes to server, make sure that all the tmp folder are deleted & cache is cleared.
You may verify the HttpOnly flag from LIVE HTTP Headers addin plugin from Firefox.

prasanth
Vinodh Sa
Ranch Hand

Joined: May 06, 2010
Posts: 55
hi,

i have added the same entry in weblogic.xml.
But while deploying the same, its giving module exception, that some validation problems were found.
i m using weblogic server 9.2.
can you help with this ?

pasting below my weblogic.xml



Thanks, Vinodh
[Servlet tutorial]
German Gonzalez-Morris
Ranch Hand

Joined: Nov 16, 2009
Posts: 173

Vinodh Sa wrote:hi,

i have added the same entry in weblogic.xml.
But while deploying the same, its giving module exception, that some validation problems were found.
i m using weblogic server 9.2.
can you help with this ?


support for HttpOnly session cookie is added to WLS 9.2 MP3 by applying a patch.
also it could be that you are using an older 9.2 version.


http://devwebcl.blogspot.com/
Prasanth S Pillai
Ranch Hand

Joined: Oct 28, 2009
Posts: 39
the easiest way to check the validity of any XML file is to open the XML in IE from a machine which is connected to internet. It will show whether the file is corrupted or not
German Gonzalez-Morris
Ranch Hand

Joined: Nov 16, 2009
Posts: 173

the validation problem must be because that tag is not in the schema for that version.
unless you apply the patch or use a newer weblogic version, the schema validation issue will persist.
Vinodh Sa
Ranch Hand

Joined: May 06, 2010
Posts: 55
hi all,

thanks for all your replies.

Gonzalez, as you pointed out, the problem is with the version of the weblogic server only.
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Need sample of weblogic.xml file for supporting HttpOnly