The Latest Oracle E-Business Suite Technology News direct from
Oracle E-Business Suite Development & Product Management

HTTPOnly Cookie Flag Now Available for EBS 12.1.3

Elke Phelps
Product Management Director

We are pleased to announce an enhancement to Oracle E-Business Suite security whereby the HTTPOnly cookie flag is set automatically for the EBS session cookie (sometimes also called ICX session cookie) when the requirements listed below are met.  Setting the HTTPOnly cookie flag provides additional security by concealing the cookie from client-side scripts.


This feature is automatically available to all EBS 12.1.3 customers who have met the following requirements:

Note:  We previously announced the HTTPOnly cookie flag with EBS 12.2.  


Related Articles

Join the discussion

Comments ( 5 )
  • Mariana Angelova Sunday, October 6, 2019
    Hi Elke,

    Thanks for your post.

    I still can not find Note 338821.1 in MOS as suggested in the Patch 27484544 README:

    "...Additionally the following parameter need to be set to "true" before applying this patch..."

    Any idea where to find some more details about is this required only during applying the patch or ...?

    Thanks in advance
    KInd regards
  • Elke Phelps (Oracle Development) Tuesday, October 8, 2019
    Mariana, Thanks for the inquiry. I'm researching this internally and will post an update once I have clarification.

  • Seb Tuesday, November 26, 2019
    You can always create a filter and use a wrapper for the response to override the addCookie method
  • Elke Phelps (Oracle Development) Wednesday, November 27, 2019

    It is not required for patch 27484544 to perform steps in MOS Note 338821.1.

    The readme for patch 27484544 has been updated accordingly.

    Thanks for bringing this to our attention.

  • Elke Phelps (Oracle Development) Wednesday, November 27, 2019
    Seb - Thanks for the comment. We recommend that customers follow the supported method as per the guidance in this blog article.

    What you are recommend may be possible; however, this would be considered a customization. See the following for support implications for customizations with EBS:

Please enter your name.Please provide a valid email address.Please enter a comment.CAPTCHA challenge response provided was incorrect. Please try again.