How to secure CFGLOBALS cookie

To secure CFGLOBALS cookie I tried the following method as I did for CFID and CFTOKEN . But its not working for CFGLOBALS . Note that this method is working fine for CFID and CFTOKEN.
<cfset cf_ssn_cookies = {httponly='true', secure='true'}>
<cfapplication name="ABCD" clientmanagement="Yes" sessionmanagement="Yes" setclientcookies="Yes"sessioncookie=#cf_ssn_cookies#>
Any idea why the HTTPOnly and SECURE flags are not setting up for CFGLOBALS cookie.

Ya .... Can you just send the summary.....
BK , can you do one more help. I have posted another question here How to prevent clickjacking issue in CF. If possible can you just look into it.

Similar Messages

How to secure session cookie

Iam using iPlanet 6.0SP6 in NT 4.0.
I would like to make the session cookie JSESSIONID to be transfer only on secure connection.
Then, I make the change to web-apps.xml as below
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE vs PUBLIC "-//Sun Microsystems, Inc.; iPlanet//DTD Virtual Server Web Applications 6.0//EN"
"http://developer.iplanet.com/webserver/dtds/iws-webapps_6_0.dtd">
<vs>
<session-cookie is-secure="true"></session-cookie>
</vs>
After that, I restart the iplanet web server and load the page with I.E. again. I see that the cookie is still passed with non-secure mode.
Is there any wrong with my web-apps.xml?

Janice,
Thanks for your help.
When I use the below web-apps.xml, I can make the cookie in secure session.
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE vs PUBLIC "-//Sun Microsystems, Inc.; iPlanet//DTD Virtual Server Web Applications 6.0//EN"
"http://developer.iplanet.com/webserver/dtds/iws-webapps_6_0.dtd">
<vs>
<web-app uri="/" dir="d:/java/docroot" enable="true">
<session-manager class="com.iplanet.server.http.session.IWSSessionManager">
<init-param>
<param-name>maxSessions</param-name>
<param-value>16000</param-value>
</init-param>
<init-param>
<param-name>timeOut</param-name>
<param-value>7200</param-value>
</init-param>
<init-param>
<param-name>reapInterval</param-name>
<param-value>30</param-value>
</init-param>
<init-param>
<param-name>maxValueSize</param-name>
<param-value>8192</param-value>
</init-param>
</session-manager>
<session-cookie is-secure="true"/>
</web-app>
</vs>
However, when I configure more on the web applicaiton with the web.xml, I check that the cookie no more secure.
THe web.xml is
<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE web-app PUBLIC
"-//Sun Microsystems, Inc.//DTD Web Application 2.2//EN"
"http://java.sun.com/j2ee/dtds/web-app_2_2.dtd">
<web-app>
<display-name>Trade Info Exchange</display-name>
<description>
Trade Info Exchange
</description>

<servlet>
<servlet-name>Login</servlet-name>
<servlet-class>com.chase.infra.appcontrol.servlet.LoginServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>Login</servlet-name>
<url-pattern>/Login</url-pattern>
</servlet-mapping>
<servlet>
<servlet-name>Fmenu</servlet-name>
<servlet-class>com.chase.infra.appcontrol.servlet.FmenuServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>Fmenu</servlet-name>
<url-pattern>/Fmenu</url-pattern>
</servlet-mapping>
<servlet>
<servlet-name>Fcontent</servlet-name>
<servlet-class>com.chase.infra.appcontrol.servlet.FcontentServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>Fcontent</servlet-name>
<url-pattern>/Fcontent</url-pattern>
</servlet-mapping>
<servlet>
<servlet-name>Express</servlet-name>
<servlet-class>com.chase.apps.express.servlet.EXPRESS2</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>Express</servlet-name>
<url-pattern>/EXPRESS2</url-pattern>
</servlet-mapping>
<servlet>
<servlet-name>AppControl</servlet-name>
<servlet-class>com.chase.infra.appcontrol.servlet.AppControlServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>AppControl</servlet-name>
<url-pattern>/AppControl</url-pattern>
</servlet-mapping>
<servlet>
<servlet-name>errorPage</servlet-name>
<servlet-class>com.chase.infra.appcontrol.servlet.errorPage</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>errorPage</servlet-name>
<url-pattern>/errorPage</url-pattern>
</servlet-mapping>
<servlet>
<servlet-name>LoginFail</servlet-name>
<servlet-class>com.chase.infra.appcontrol.servlet.LoginFailServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>LoginFail</servlet-name>
<url-pattern>/LoginFail</url-pattern>
</servlet-mapping>
<servlet>
<servlet-name>Logout</servlet-name>
<servlet-class>com.chase.infra.appcontrol.servlet.LogoutServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>Logout</servlet-name>
<url-pattern>/Logout</url-pattern>
</servlet-mapping>
<servlet>
<servlet-name>ChangePwdWarning</servlet-name>
<servlet-class>com.chase.infra.appcontrol.servlet.ChangePwdWarningServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>ChangePwdWarning</servlet-name>
<url-pattern>/ChangePwdWarning</url-pattern>
</servlet-mapping>
<servlet>
<servlet-name>ChangePwd</servlet-name>
<servlet-class>com.chase.infra.appcontrol.servlet.ChangePwdServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>ChangePwd</servlet-name>
<url-pattern>/ChangePwd</url-pattern>
</servlet-mapping>
<servlet>
<servlet-name>ReLoginDialog</servlet-name>
<servlet-class>com.chase.infra.appcontrol.servlet.ReLoginDialog</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>ReLoginDialog</servlet-name>
<url-pattern>/ReLoginDialog</url-pattern>
</servlet-mapping>
<servlet>
<servlet-name>TradeTrackProcessSearch</servlet-name>
<servlet-class>chase.app.tt.servlet.ProcessSearchServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>TradeTrackProcessSearch</servlet-name>
<url-pattern>/TradeTrackProcessSearch</url-pattern>
</servlet-mapping>
<servlet>
<servlet-name>TradeTrackSearchScreen</servlet-name>
<servlet-class>chase.app.tt.servlet.SearchScreenServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>TradeTrackSearchScreen</servlet-name>
<url-pattern>/TradeTrackSearchScreen</url-pattern>
</servlet-mapping>
<servlet>
<servlet-name>TradeTrackMain</servlet-name>
<servlet-class>chase.app.tt.servlet.MainServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>TradeTrackMain</servlet-name>
<url-pattern>/LCIMPORT</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>TradeTrackMain</servlet-name>
<url-pattern>/LCEXPORT</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>TradeTrackMain</servlet-name>
<url-pattern>/COLLIMP</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>TradeTrackMain</servlet-name>
<url-pattern>/COLLEXP</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>TradeTrackMain</servlet-name>
<url-pattern>/B2BMenu</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>TradeTrackMain</servlet-name>
<url-pattern>/B2BMain</url-pattern>
</servlet-mapping>
<welcome-file-list>
<welcome-file>ctielogin.html</welcome-file>
</welcome-file-list>
</web-app>
Pls advise how I can make the cookie secure for using the web.xml and web-apps.xml
thanks
samuel poon

Weblogic 10.3 secure jsessionid cookie

Hi,
I am running my application on weblogic 10.3 app server. And my application is running on both HTTP and HTTPS. My questions is around the JSESSIONID cookie that App server generates and send to client. By default this cookie is non-secure, even if application runs on HTTPS. I want to know, how can Weblogic App Server create a new JSESSIONID cookie which is secure, when application moves from HTTP to HTTPS? My requirement is to run the application on secure JSESSIONID cookie when we use HTTPS.
How can i achieve it? It's kind of critical to me.
Any help is highly appreciated.

I tried setting up the secure cookie by modifying the config.xml.
But my app server is shutting down forcefully by throwing this message.
<Aug 28, 2009 1:05:18 PM GMT+05:30> <Error> <Management> <BEA-141244> <Schema va
lidation errors while parsing D:\bea\user_projects\domains\zendough\config\confi
g.xml - Expected elements 'weblogic-plugin-enabled@http://www.bea.com/ns/weblogi
c/920/domain hosts-migratable-services@http://www.bea.com/ns/weblogic/920/domain
http-trace-support-enabled@http://www.bea.com/ns/weblogic/920/domain key-stores
@http://www.bea.com/ns/weblogic/920/domain custom-identity-key-store-file-name@h
ttp://www.bea.com/ns/weblogic/920/domain custom-identity-key-store-type@http://w
ww.bea.com/ns/weblogic/920/domain custom-identity-key-store-pass-phrase-encrypte
d@http://www.bea.com/ns/weblogic/920/domain custom-trust-key-store-file-name@htt
p://www.bea.com/ns/weblogic/920/domain custom-trust-key-store-type@http://www.be
a.com/ns/weblogic/920/domain custom-trust-key-store-pass-phrase-encrypted@http:/
/www.bea.com/ns/weblogic/920/domain java-standard-trust-key-store-pass-phrase-en
crypted@http://www.bea.com/ns/weblogic/920/domain reliable-delivery-policy@http:
//www.bea.com/ns/weblogic/920/domain message-id-prefix-enabled@http://www.bea.co
m/ns/weblogic/920/domain default-file-store@http://www.bea.com/ns/weblogic/920/d
omain candidate-machine@http://www.bea.com/ns/weblogic/920/domain overload-prote
ction@http://www.bea.com/ns/weblogic/920/domain jdbcllr-table-name@http://www.be
a.com/ns/weblogic/920/domain jdbcllr-table-xid-column-size@http://www.bea.com/ns
/weblogic/920/domain jdbcllr-table-pool-column-size@http://www.bea.com/ns/weblog
ic/920/domain jdbcllr-table-record-column-size@http://www.bea.com/ns/weblogic/92
0/domain jdbc-login-timeout-seconds@http://www.bea.com/ns/weblogic/920/domain se
rver-diagnostic-config@http://www.bea.com/ns/weblogic/920/domain auto-jdbc-conne
ction-close@http://www.bea.com/ns/weblogic/920/domain supported-protocol@http://
www.bea.com/ns/weblogic/920/domain federation-services@http://www.bea.com/ns/web
logic/920/domain single-sign-on-services@http://www.bea.com/ns/weblogic/920/doma
in web-service@http://www.bea.com/ns/weblogic/920/domain nm-socket-create-timeou
t-in-millis@http://www.bea.com/ns/weblogic/920/domain' instead of 'web-server@ht
tp://www.bea.com/ns/weblogic/920/domain' here in element server@http://www.bea.c
om/ns/weblogic/920/domain>
Here is my config.xml
<?xml version='1.0' encoding='UTF-8'?>
<domain xmlns="http://www.bea.com/ns/weblogic/920/domain" xmlns:sec="http://www.bea.com/ns/weblogic/90/security" xmlns:wls="http://www.bea.com/ns/weblogic/90/security/wls" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.bea.com/ns/weblogic/90/security/wls http://www.bea.com/ns/weblogic/90/security/wls.xsd http://www.bea.com/ns/weblogic/920/domain http://www.bea.com/ns/weblogic/920/domain.xsd http://www.bea.com/ns/weblogic/90/security/xacml http://www.bea.com/ns/weblogic/90/security/xacml.xsd http://www.bea.com/ns/weblogic/90/security http://www.bea.com/ns/weblogic/90/security.xsd">
<name>zendough</name>
<domain-version>10.3.0.0</domain-version>
<security-configuration>
<name>zendough</name>
<realm>
<sec:authentication-provider xsi:type="wls:default-authenticatorType"></sec:authentication-provider>
<sec:authentication-provider xsi:type="wls:default-identity-asserterType">
<sec:active-type>AuthenticatedUser</sec:active-type>
</sec:authentication-provider>
<sec:role-mapper xmlns:xac="http://www.bea.com/ns/weblogic/90/security/xacml" xsi:type="xac:xacml-role-mapperType"></sec:role-mapper>
<sec:authorizer xmlns:xac="http://www.bea.com/ns/weblogic/90/security/xacml" xsi:type="xac:xacml-authorizerType"></sec:authorizer>
<sec:adjudicator xsi:type="wls:default-adjudicatorType"></sec:adjudicator>
<sec:credential-mapper xsi:type="wls:default-credential-mapperType"></sec:credential-mapper>
<sec:cert-path-provider xsi:type="wls:web-logic-cert-path-providerType"></sec:cert-path-provider>
<sec:cert-path-builder>WebLogicCertPathProvider</sec:cert-path-builder>
<sec:name>myrealm</sec:name>
</realm>
<default-realm>myrealm</default-realm>
<credential-encrypted>uuuuuu</credential-encrypted>
<node-manager-username>weblogic</node-manager-username>
<node-manager-password-encrypted>kkkkk</node-manager-password-encrypted>
</security-configuration>
<server>
<name>AdminServer</name>
<ssl>
<enabled>true</enabled>
</ssl>
<listen-port>7001</listen-port>
<listen-port-enabled>true</listen-port-enabled>
<listen-address></listen-address>
<java-compiler>javac</java-compiler>
<client-cert-proxy-enabled>false</client-cert-proxy-enabled>
<web-server>
<auth-cookie-enabled>true</auth-cookie-enabled>
</web-server>
</server>
<embedded-ldap>
<name>ttttt</name>
<credential-encrypted>yyyyy</credential-encrypted>
</embedded-ldap>
<configuration-version>10.3.0.0</configuration-version>
<app-deployment>
<name>hybrisplatform</name>
<target>AdminServer</target>
<module-type>ear</module-type>
<source-path>xxxxx</source-path>
<deployment-order>100</deployment-order>
<security-dd-model>DDOnly</security-dd-model>
<staging-mode>stage</staging-mode>
</app-deployment>
<admin-server-name>AdminServer</admin-server-name>
</domain>

How do I clear cookies?

How do I clear cookies?

From Safari ??
From the Safari menu bar click Safari / Preferences then select the Security tab. Click: Show Cookies
Click: Remove All then click Done.

Enable secure session cookie on Sun ONE Web Server 6.1

How can I enable secure session cookie (JSESSIONID) on Sun ONE Web Server 6.1?.
For 6.0 is <session-cookie is-secure="true"/> inside the <web-app> tags in web-apps.xml but I'm not able to find this setting for 6.1.

There is a fix in 6.1sp5 that enables the session cookie to be marked as secure.
See the release notes and search for 6262885 under Issues Resolved in 6.1sp5:
http://docs.sun.com/app/docs/doc/819-2479/6n4p1bdea?a=view

How to turn off cookies, How to turn off cookies

HOw do I turn off cookies on iPad 2

Hy,
I have MacBookPro and in the safari>Preferences>Security I dont have options cookies...
Where do I find it and how do I enbale cookies?

How do I use cookies to control which part of the timeline to play from?

Hi there,
I have created an animation with Adobe Edge. My site uses Concrete5 and I am pulling in the Edge content into an IFRAME on my home page (there my be a better way to do this and I'm open to suggestions). I want the animation to play from the start when someone first visits the site, but if during their browser session they navigate back to the home page, I want the animation to only play a shorter segment of frames near the end.
My question is, how do I use cookies to acheive this? I'm new to javascript/jquery.
I've included the following code on compositionReady, (found in another post on this forum) but don't have a clue how to continue...
// insert code to be run when the composition is fully loaded here yepnope( { nope:[ '/js/jquery.cookie.js' ], complete: init } ); function init() { //create your cookie's initial values here }
My temp site is here - http://79.170.40.43/nutcrackerdesign.co.uk/
On revisting the homepage, I only want to play from when the green 'How can we help?' button drops in.
Many thanks!
Russ

Hi, Russ-
I found this article, which seemed really helpful in describing how cookies work in JavaScript:
http://www.quirksmode.org/js/cookies.html
Remember that JS works just fine within Animate, so on your compositionReady, you can read your cookie and then set the play based on that. You should probably uncheck the autoplay for your Stage and control the play of your Stage from the compositionReady.
Good luck!
-Elaine

How do I add cookies to adobe muse site?

Hello,
I am creating a site in Adobe Muse, which I also host through the webbasic adobe business catalyst account.
I want to add a cookies message onto my site and to that of client sites that I create.
I searched the forum and there appears to be a guide showing how to get the cookies set up in adobe business catalyst itself. However, when I try to follow the instructions, I fall at the first hurdle because it tells me to go into Site Manager and then into Pages. However, I don't have anything that says Pages. Mine only has two options; Web Forms and System Emails. The only thing in the Web Forms folder is Contact Form.
I have no idea how to get the cookies message onto my Adobe Muse site. Please...does anyone know the answer?
Also, if someone from Adobe reads this, it would be great if Adobe Muse had a widget for this...considering it is now a requirement for all websites that use cookies to be able to get consent. I hope it's in the next update.
Cheers
Sebastian

Refer to this thread for instructions on adding a Manage cookies form - http://forums.adobe.com/message/539301
The online content editing is disabled by default for sites published through Muse to BC and hence the Pages tab doesn't appear for you under Site Manager. However, you can always enable the Online Content editing feature by logging into the site admin -> going to the My Details section (by hovering over your name at the top right) and enable the option as indicated in the screenshot below.
Please refer to the following post for a reason as to why the option is incompatible with Muse (but doesn't affect any functionality as such if you enable it).
http://forums.adobe.com/message/4385787.
Thanks,
Vinayak

My iPhone 5 has broken and is being replaced with a new iPhone tomorrow. However, My carrier (orange) will b picking up my broken iPhone and I am unsure how to secure the content and icloud data on the broken phone. Is there a way to display the data?

My iPhone 5 has broken and is being replaced with a new iPhone tomorrow. However, My carrier (orange) will b picking up my broken iPhone and I am unsure how to secure the content and icloud data on the broken phone. Is there a way to disable the data held on it and ensure that if it is fixed, nobody can use/see my data and access my account?

Hi Gazpan,
Thanks for visiting Apple Support Communities.
I recommend using the steps in this article to back up your iPhone if possible:
iOS: Back up and restore your iOS device with iCloud or iTunes
http://support.apple.com/kb/ht1766
You may also find this advice helpful for your situation:
What to do before selling or giving away your iPhone, iPad, or iPod touch
http://support.apple.com/kb/ht5661
If you no longer have your iOS device
If you're using iCloud and Find My iPhone on the device, you can erase the device remotely and remove it from your account by signing in to icloud.com/find, selecting the device, and clicking Erase. When the device has been erased, click Remove from Account.
If you're unable to complete either of the above steps, you should change your Apple ID password. Changing your password won't remove any personal information that is cached on the device, but it will make sure that the new owner can't delete your information from iCloud.
Cheers,
Jeremy

How to clear the cookie in midlet before quite the midlet?anyone?pls

i am fresh in J2ME . Can anyone teach me on how to clear the cookie in midlet before i quit from it?
I designed an application that require login and use session(cookie) management, i need to clear the cookie before or during i quit the midlet, so that the user will need to login again after quit from midlet. Can anyone pls assist me? i need it urgently!

I designed an application that require login and use session(cookie) management,How did you implement the cookies. This isn't a built-in part of J2ME. You have to implement it yourself (saving the cookie and resending it in future requests), so only you can know how to delete it.
shmoove

How do I enable cookies on Windows 7

Some sites do hold my password for access ( e.g. credit card) when I went to ' help'. the suggestion for firefox was to go to firefox then 'tools', etc. When I explored firefox and open the different windows I was not able to find tools. Further investigation I found similar instructions but it stated it was for Windows XP. So how can I enable cookies on Windows 7?

Hi Esther.Applegate,
Do you have the ''Firefox'' menu in the upper left hand side of the screen? If you do, hit ''Alt'' to temporarily enable the ''Menu bar''. Then go to ''Tools > Options > Privacy''. The article [[Enabling and disabling cookies]] will show you how to set an exception for that site.
If you want the ''Menu bar'' on at all times, go to ''Firefox > Options'' and enable ''Menu bar''.
Hopefully this helps!

How can I read cookies in WebDynPro for Java

Hi,
in WebDynPro for Java I found a possibility to to get a "request-object" like the standard "HttpServletRequest-object"
IWDProtocolAdapter protocolAdapter = WDProtocolAdapter.getProtocolAdapter();
IWDRequest request = protocolAdapter.getRequestObject();
debugEnabled = (request.getParameter("Debug") != null);
With this request-object I can read request-prameters but I couldn't find a possibility to get cookies from the request.
There is no method like the "getCookies().method" in the HTTPServletRequest-Interface:-((
Has anybody an idea, how I can read cookies in WebDynPro for Java ?
Regards
Steffen

Hi,
This is the latest update I could look for regarding cookies and webdynpro.
Panic - WebContextAdapter is depracted - no more cookies now?
Regards,
Harini S

How to set a cookie in the browser from an html page called via an Iview

How to set a cookie in the browser from an html page called via an Iview
Hello all,
I have an issue which is causing problems. I have a snap survey (html form with submit and cookie setting) which is embedded in a url iview.
Although the submit and the form work fine, the portal will not allow the cookie to be set it seems.
Is there a way to allow cookies to be set from an embedded page in a url iview??
You will make my day if you know!
System: EP7 SP13
Kind regards
Alex

Hi,
Check this:
http://www.oracle.com/technology/products/ias/portal/html/same_cookie_domain_with_pdkv2.html
Cookie Basics
Web browsers have built in rules for receiving and sending cookies. When a browser makes a request to a web server and the web server returns cookies with the response, the browser will only accept a cookie if the domain associated with the cookie matches that of the original request. Similarly, when a browser makes a subsequent request, it will only send those cookies whose domain matches that of the target web server.
These rules are designed to ensure that information encoded in cookies is only "seen" by the web server(s) that the originator of the cookie intended. These rules also ensure that the cookie cannot be corrupted or imitated by another server. By default, the domain associated with a cookie exactly matches that of the server that created it. However, it is possible to modify the domain at the time the cookie is created. Relaxing the cookie domain increases the scope of the cookie's visibility making it available to a wider "audience" of web servers.
For example, if a cookie is created by a.us.oracle.com, it's domain will usually be set to a.us.oracle.com. This means that the browser will only send the cookie to a.us.oracle.com. It will never send it to any other servers. However, if at the time of creation, the domain of the cookie is set to .us.oracle.com, the browser will send the cookie to any server whose domain falls within .us.oracle.com. such as portal.us.oracle.com, provider.us.oracle.com, app.us.oracle.com etc
Regards,
Praveen Gudapati

How to secure one page not entire application?

Hi there,
I'm looking for some guidance on how to secure individual pages on my site. I've read a number of articles discussing creating a login using the Application.cfc. The thing is this approach locks down the entire site. I only want to secure a page. In my scenario, if the user hasn't logged in, and goes to a profile.cfm page, they will be asked to login. Once they login, they will then be directed to the profile.cfm page.
Any and all advice would be greatly appreciated.
Thanks.
Novian

Hi, Novian,
An option that come directly to mind is to check for the specific page to be locked down in onRequestStart of your Application.cfc.
This approach is relatively easy to implement but may not be the best approach (don't know how it might affect performance or something else). Basically, use a conditional in your onRequestStart method to see if the page being requested by the user is the page that needs to be secured. Something along the lines of:
<cffunction name="onRequestStart">
     <cfargument name="target_page" />
     <cfif target_page is 'super-secure-page.cfm'>
          
     </cfif>
</cffunction>
There are, of course, other options but this was a quick and easy one that came right to mind.

How to set HTTP cookie ORA_adf_viewScope

Hi,
I'm recording ADF page navigation using LoadRunner. From the browser, I see that one POST request sets http cookie ORA_adf_viewScope and the subsequent GET submits this cookie as part of the HTTP header. I don't see this cookie from any of the page source. LoadRunner is not able to record this cookie as well. Hence when I replay LR script, the GET request returns wrong page.
Any one knows how to set this cookie?
Thanks,
Tong
Edited by: user708470 on Jun 18, 2009 12:07 PM

I believe it is possible since axis adapter provides very same functionality. Let me summarize my scenario may be it helps:
I am trying to call series of webservice lets say in a BPM. First service (login service) will provide me with a session id (in http header with key Set-Cookie) then I will call another service which has that session id in its http header with key cookie then I am going to logout. So I am testing the second part now, but it doest let me send cookie http header parameter.
I hope I clarified a bit more my problem.
Regards,

How to secure CFGLOBALS cookie

Similar Messages

Maybe you are looking for