The Latest Technology Stack News Directly from EBS Development

HTTPOnly Cookie Flag Now Available for EBS 12.1.3

Elke Phelps
Product Management Director

We are pleased to announce an enhancement to Oracle E-Business Suite security whereby the HTTPOnly cookie flag is set automatically for the EBS session cookie (sometimes also called ICX session cookie) when the requirements listed below are met.  Setting the HTTPOnly cookie flag provides additional security by concealing the cookie from client-side scripts.


This feature is automatically available to all EBS 12.1.3 customers who have met the following requirements:

Note:  We previously announced the HTTPOnly cookie flag with EBS 12.2.  


Related Articles

Join the discussion

Comments ( 2 )
  • Mariana Angelova Sunday, October 6, 2019
    Hi Elke,

    Thanks for your post.

    I still can not find Note 338821.1 in MOS as suggested in the Patch 27484544 README:

    "...Additionally the following parameter need to be set to "true" before applying this patch..."

    Any idea where to find some more details about is this required only during applying the patch or ...?

    Thanks in advance
    KInd regards
  • Elke Phelps (Oracle Development) Tuesday, October 8, 2019
    Mariana, Thanks for the inquiry. I'm researching this internally and will post an update once I have clarification.

Please enter your name.Please provide a valid email address.Please enter a comment.CAPTCHA challenge response provided was incorrect. Please try again.