How to set JSESSION ID as secure in Weblogic 10.3.5.0

Similar Messages

• How to set Multi User Environment in the weblogic 5.1 and 6.1 server..(Urgently)

  Hi all,
  I need to know how to set Multi User Environment in the weblogic 5.1
  properties file..
  Here my question is..:)
  1) I have a database with multiple users and having different privileges
  for the users.. and i need to use all the privileges when user aceess
  the database through weblogic server connectionPool.
  2)According to the user privileges i need access the database tables
  content and gives the frontEnd(jsp).
  3)How to modify dynamically weblogic.properties file in the weblogic
  5.1.
  If anybody having idea reg. this issues pl...help me..
  Thanks in advance
  Chandu([email protected],[email protected])

  Hi. A JDBC connection pool is a set of identical, interchangeable, pre-made
  connections, and the controls to make sure only one user uses a particular
  connection at any one time. If you want to have different DBMS users, you can
  have a separate pool for each DBMS user, which may contain as many or few
  connections as you want. Some applications has a pool for the accounting
  applications, and another for the sales applications etc. Some do have a
  separate pool for john, jane, joe etc, each with one connection. Pools
  can be created and destroyed dynamically using the dynamic pool API.
  Joe
  softstar wrote:
  >
  Hi all,
  I need to know how to set Multi User Environment in the weblogic 5.1
  properties file..
  Here my question is..:)
  1) I have a database with multiple users and having different privileges
  for the users.. and i need to use all the privileges when user aceess
  the database through weblogic server connectionPool.
  2)According to the user privileges i need access the database tables
  content and gives the frontEnd(jsp).
  3)How to modify dynamically weblogic.properties file in the weblogic
  5.1.
  If anybody having idea reg. this issues pl...help me..
  Thanks in advance
  Chandu([email protected],[email protected])

• How to Set up HTTPOnly and SECURE FLAG for session cookies

  Hi All,
  To fix some vulnerability issues (found in the ethical hacking , penetration testing) I need to set up the session cookies (CFID , CFTOKEN , JSESSIONID) with "HTTPOnly" (so not to access by other non HTTP APIs like Javascript). Also I need to set up a "secure flag" for those session cookies.
  I have found the below solutions.
  For setting up the HTTPOnly for the session cookies.
  1] In application.cfc we can do this by using the below code. Or we can do this in CF admin side under Server Settings » Memory Variables
       this.sessioncookie.httponly = true;
  For setting up the secure flag for the session cookies.
  2] In application.cfc we can do this by using the below code. Or we can do this in CF admin side under Server Settings » Memory Variables
       this.sessioncookie.secure = "true"
  Here my question is how we can do the same thing in Application.cfm?. (I am using ColdFusion version 10). I know we can do this using the below code , incase of HTTPOnly (for example).
  <cfapplication setclientcookies="false" sessionmanagement="true" name="test">
  <cfif NOT IsDefined("cookie.cfid") OR NOT IsDefined("cookie.cftoken") OR cookie.cftoken IS NOT session.CFToken>
    <cfheader name="Set-Cookie" value="CFID=#session.CFID#;path=/;HTTPOnly">
    <cfheader name="Set-Cookie" value="CFTOKEN=#session.CFTOKEN#;path=/;HTTPOnly">
  </cfif>
  But in the above code "setclientcookies" has been set to "false". In my application (it is an existing application) this has already been set to "true". If I change this to "false" as mentioned in the above code then ColdFusion will not automatically send CFID and CFTOKEN cookies to client browser and we need to manually code CFID and CFTOKEN on the URL for every page that uses Session. Right???. And this will be headache.Right???. Or any other way to do this.
  Your timely help is well appreciated.
  Thanks in advance.

  BKBK wrote:
  Abdul L Koyappayil wrote:
  BKBK wrote:
  You can switch httponly / secure on and off, as we have done, for CFID and CFToken. However, Tomcat automatically switches JsessionID to 'secure' when it detects that the protocol is secure, that is, HTTPS.
  I couldnt understand this. I mean how are you relating this with my question.
  When Tomcat detects that the communication protocol is secure (that is, HTTPS), it automatically switches on the 'secure' flag for the J2EE session cookie, JsessionID. Tomcat is configured to do that. Coldfusion has no say in it. So, for JsessionID, 'secure' is automatically set to 'false' when HTTP is detected and automatically set to 'true' when HTTPS is detected.
       If this is the case then why I am getting below info for jsessionid (As you mentioned it should set with SECURE flag . Right???). Note that we are using web server - Apache vFabric .And the application that we are using is in https and there is no hit is going from https to http.
  Name:
  JSESSIONID
  Content:
  782BF97F50AEC00B1EBBF1C2DBBBB92F.xyz
  Domain:
  xyz.abc.pqr.com
  Path:
  Send for:
  Any kind of connection
  Accessible to script:
  No (HttpOnly)
  Created:
  Wednesday, September 3, 2014 2:25:10 AM
  Expires:
  When the browsing session ends
  BKBK wrote:
  2]When I checked CF Admin->Server Settings->Memory Variables I found that J2EE SESSION has been set to YES. So does this mean that do we need to set HTTPOnly and SECURE flag for JSESSIONID only or for CF session cookies (CFID AND CFTOKEN ) as well ?.
  Set HTTPOnly / Secure for the session cookies that you wish to use. Each cookie has its pros and cons. For example, the JsessionID cookie is more secure and more Java-interoperable than CFID/CFToken but, from the explanation above, it forbids the sharing of sessions between HTTP and HTTPS.
       I understood that setting thos flags (httponly/secure) is as per my wish. But my question was , is it necessary to set those flags forcf session cookies (cfid and cftoken) as we have enabled J2EE session in CF admin?. Or in other way as the session management is J2EE based do we need to set those flags for CF session cookies?.
  BKBK wrote:
  3]If I need to set HTTPOnly and SECURE flag for JSESSIONID , how can I do that.
  It is sufficient to set the HTTPOnly only. As I explained above, Tomcat will automatically set 'secure' to 'true' when necessary, that is, when the protocol is HTTPS.
       I understood that it is sufficient to set httponly only.but how we will set it for jsessionid?. This is my question. Apache vFabric will alos set secure to true automatically. Any idea??

• How to Set the Transaction Isolation Level in WebLogic?

  Is there a way to set the transaction isolation level in WebLogic 9.2 or WebLogic 10?
  For an example say, we have an application which is supported for several database platforms. Without setting the transaction isolation level in DBMS level, is there a way to specify this in WebLogic to make it common for all the DBMS type?
  And I found a way to change the transaction isolation level in WebSphere application server using a property called webSphereDefaultIsolationLevel.
  [url http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg21224492]http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg21224492
  Is there a way to do the same thing in WebLogic application server 9.2 or 10?

  Anuradha W wrote:
  That means, currently the only way tospecify the transaction level is through
  weblogic-ejb-jar.xml deployment descriptor?
  for WLS-generated code, yes.Somewhat related to this question, we have written a standalone testcase to reproduce this issue we have been having. Basically, the issue is that even though we configure the isolation level to a non-default one in the deployment descriptor, the connections returned by the datasource seem to be having the default (which is Read Committed). The DBMS is DB2.
  weblogic-ejb-jar.xml has the following set:
  <isolation-level>TransactionRepeatableRead</isolation-level>
  And we printed the isolation level of the connection returned from a method in the EJB, but the isolation level is still the default. I can share the code to reproduce the problem if you want to take a look at it. Please let me know how I can get that across to you.
  Thanks,
  AnuradhaIf you are using our JDBC driver for DB2, or can switch to it,
  just for a test, there is some debug I'd like from you.
  Joe

• TS2446 I can't remember how I set up my account security questions

  I need to reset my security questions because I have tried changing them and keep forgetting what I was setting up. How do I do this?

  Some Solutions for Resetting Forgotten Security Questions: Apple Support Communities

• How to set WPA and WPA2 security with multiple AEs

  Hi Everybody,
  I have purchased a second AE and with the help of Alan Summers was able to set them all up for multiple speakers use in iTunes. In order to make them run I had to downgrade security settings to 40-bit WEP which is not really satisfying. My Airport Admin. Utility was still 4.0, so I tried 4.2 which offers the use of WPA and WPA2 with multiple AEs. Upgraded to 4.2 and switched off security settings first. Both AE are recogniced and speakers of second AE also show up in iTunes but I cannot connect to them. Since it didn't work without security settings, I didn't even try with it and went back using 4.0. All other firmware is up-to-date:
  AirPort Express 6.3
  iTunes 6.0.2
  Intel(R) PRO/Wireless 2200BG Network Connection 9.0.3.0
  Any advice would deeply be appreciated!
  BTW - if it works, it's maybe the greatest sound experience I ever had. Music all over the place!!
  Best regards
  Roman

  Found it!!
  1) upgrade Airport Admin. Utility to 4.2
  2) set second AE as "remote base station" and not in "client mode" (that's the clue!!)
  3) follow instructions and type in MAC address of main base station
  4) choose a channel (doesn't matter which one, just has to be the same on both AEs)
  5) choose your personal WPA and WPA2 password (same on both AEs)
  6) restart both AEs
  7) enjoy the music all over the place!
  Best regards
  Roman

• Setting up item level security access

  Hello,
  I am new to Oracle Instant Portal and I'm trying to figure out how to set up item level security on a particular tab page. Can anyone give step by step instructions on how to make it work?
  So, say that I have a tab page called HR. On that HR page, I have 3 items. For item1 and item2, I want user1 to have view access to these only, and for user2 they could have view access to item3 only.
  I checked the option in the HR page's Page Access settings to Enable Item Level Security, saved the changes, and even cleared the cache, but it doesn't seem to give me any new functionality where I could specify that for item1 and item2, only user1 should have access to it, and for item3, only user2 should access it.
  Can someone please help?
  Thanks!

  Please disregard--I figured out how to do this:
  1. When you are editing the page, you must click on the "Edit Item" icon next to the item.
  2. Then click on the Access tab in the upper right.
  3. Select Define Item Level Access Privileges and click Apply.
  4. In the Grant Access section that now appears just below, select the user id you want to grant access to the item and then click Add.

• HOW TO SET RESCETRSION PASSWORD FORGET

  hOW TO SET RESCETRSION PASSWORD FORGET

  Try:
  security passwords min-length
  I'm not positive if it's supported in your version of IOS-XE but it is in some.

• Firefox 4 multi user environment in linux: How to set global settings?

  <blockquote>Locking duplicate thread.<br>
  Please continue here: [/questions/826921]</blockquote><br>
  Hi,
  We used to be able to change settings in all.js file in FF 3.x.x platform, for changing settings like, proxy, authentication, etc. We installed FF 4.0.1 in linux, but, I can't find the all.js file to change any of the global settings in FF 4.0.1.
  Could you please point me how to changeglobal settings in FF 4.x version?
  thanks in advance.

  Hi. A JDBC connection pool is a set of identical, interchangeable, pre-made
  connections, and the controls to make sure only one user uses a particular
  connection at any one time. If you want to have different DBMS users, you can
  have a separate pool for each DBMS user, which may contain as many or few
  connections as you want. Some applications has a pool for the accounting
  applications, and another for the sales applications etc. Some do have a
  separate pool for john, jane, joe etc, each with one connection. Pools
  can be created and destroyed dynamically using the dynamic pool API.
  Joe
  softstar wrote:
  >
  Hi all,
  I need to know how to set Multi User Environment in the weblogic 5.1
  properties file..
  Here my question is..:)
  1) I have a database with multiple users and having different privileges
  for the users.. and i need to use all the privileges when user aceess
  the database through weblogic server connectionPool.
  2)According to the user privileges i need access the database tables
  content and gives the frontEnd(jsp).
  3)How to modify dynamically weblogic.properties file in the weblogic
  5.1.
  If anybody having idea reg. this issues pl...help me..
  Thanks in advance
  Chandu([email protected],[email protected])

• I am having email problems with the new Lion.  stmp, imap, etc. I have looked up google info and It is confusing when it comes to TS, SSL also, please explain how to set it up so my email goes out and comes in securely.  Help

  I am having email problems with the new Mountain Lion.  stmp, imap, etc. I have looked up google info and It is confusing when it comes to TS, SSL also, please explain how to set it up so my email goes out and comes in securely.  Help
  Incoming Mail (IMAP) Server - requires SSL:
  imap.gmail.com
  Use SSL: Yes
  Port: 993
  Outgoing Mail (SMTP) Server - requires TLS:
  smtp.gmail.com (use authentication)
  Use Authentication: Yes
  Use STARTTLS: Yes (some clients call this SSL)
  Port: 465 or 587
  Account Name:
  your full email address (including @gmail.com) Google Apps users, please enter username@your_domain.com
  Email Address:
  your full Gmail email address ([email protected]) Google Apps users, please enter username@your_domain.com
  Password:
  your Gmail password
  The Quick Answer
  Follow the instructions below to set up IMAP1 access in most email clients.
  Google Apps users, please follow the default instructions unless otherwise noted, replacing 'your_domain.com' with your actual domain2 name.
  this is all greek to me. WHAT IS STARTTLS? On the first page of Apple set up there is a TLS certificate and it is marked NONE- should I change it to the long APPLE CERT option?  The next page under ADVANCED: THERE IS A BOX SSL MARKED.  Then IMAP Path Prefix - I put stmp.gmail.com.. is that right?  Port 993 can  use this one? as 456 doesn't work and 587 said it wasn't safe.  Under AUTHENTICATION I used PASSWORD.  Should I have used external client cert TLS?
  Please help me set this up securely. Thanks

  Apple - Support - Mail Setup Assistant

• Using AX as wireless router, how to set up w/ security and airtunes on XP

  I previously had a Linksys wireless router. I just purchased an Airport express to use as the wireless router (and remove the Linksys router) as well as use the Airtunes functionality.
  After some trial and error, I have been able to wireless connect my computer to the AX on it's own (the linksys router is now unplugged and out of the equation). I can connect to the internet fine on my PC (XP Pro SP2).
  Trouble is, when I use the Network Setup Assistant, it shows the apple network listed, but it can't connect to it, no matter how many times I try, reboot my machine or reboot the AX. I've tried both the "setting up a new network" and "editing an existing network" option, and in each selection, after a few minutes of trying to connect to the network, I just get a failure message.
  If I try and use the Admin utility, nothing shows up in the left-hand list window, and when I Press re-scan, still nothing shows (it doesn't even appear to scan).
  I'm not sure what I'm doing wrong. I can't find simple instructions on how to set up the AX as the only wireless router for a PC and set up security and Airtunes (I'm assuming enabling airtunes is done in these applications, as I haven't seen anything about that yet either).
  Any ideas on how this is done with a PC? Much thanks!
  Dell 4500 series

  I have found the 'DHCP Reservations' option on the AirPort Extreme to be buggy.  I seem to remember it causing IP conflicts for some reason.  I think what I remember is that if the computer with the reservation was off, and the DHCP server then handed out that IP to another DHCP client, then there would be a conflict when the reserved IP computer was turned back on.  Maybe it was an issue in ealier versions of the AE or OS X as the case may be, and maybe it's been corrected, but I've never bothered using it agian since the method I describe below has always worked without fail.  Also, I'm guessing DHCP Reservations would work fine if one manually enters IPs outside of the DHCP range but in the AE 'DHCP Reservation Setup Assistant' the IP options provided are within the DHCP range which to me makes no sense and increases the potential for IP conflicts.
  Here's what I do to setup a mixed environment of static and dynamic IPs on my network.  It works like a charm and does not require the DHCP server (beyond the distribution of dynamic IPs to hosts using DHCP).
  For machines on my network that are accepting services from the public network, I set them up with static IPs using the 'Manually' option (System Preferences/Network/Ethernet/Configure IPv4).  The settings for 'Router' IP address and 'DNS Server' IP address should both be set with your gateway/router LAN IP).  Use an IP address below or above the DHCP range of adresses (in AE/Internet/DHCP/DHCP Beginning & Ending Address).
  i.e. if my subnet is 10.0.1.1 and my DHCP range is 10.0.1.100 to 10.0.1.150, you could set the static IPs on your local hosts as 10.0.1.x where x = any number from 2 - 99 or from 151 - 200 as an example.
  All other machines and devices that do not require static routing are setup as DHCP clients and get a dynamic IP from the AE.  To me it's a simpler setup though it might take a little extra time to setup initially.
  John

• How to set security group as primary site collection admin and secondary site collection admin using powershell in sharepoint online site - office 365?

  How to set security group as primary site collection admin and secondary site collection admin using powershell in sharepoint online site - office 365?

  Hi,
  According to your description, my understanding is that you want to set security group as admin of primary and secondary site collection using PowerShell command in office 365.
  I suggest you can use the command below to set the group to site owner, then it will have the site collection admin permission.
  Set-SPOSite -Identity https://contoso.sharepoint.com/sites/site1 -Owner [email protected] -NoWait
  Here are some detailed articles for your reference:
  https://technet.microsoft.com/en-us/library/fp161394(v=office.15)
  http://blogs.realdolmen.com/experts/2013/08/16/managing-sharepoint-online-with-powershell/
  Thanks
  Best Regards
  Jerry Guo
  TechNet Community Support

• HT5312 How to set a rescue email address when I already have an Apple ID and I forgot my security questions

  How to set a rescue email address when I already have an Apple ID. Actually I forgot my security questions.

  You won't be able to add one until you can answer your questions, you will need to contact iTunes Support / Apple to get the questions reset.
  Contacting Apple about account security : http://support.apple.com/kb/HT5699
  When they've been reset you can then use the steps half-way down the HT5312 page that you posted from to add a rescue email address for potential future use

• How to set security type for lenovo working with hotspot?

  How to set wireless security type for lenovo laptop working with hotspot?
  Since I can connect with the other laptops except this brand.

  //add related mutip-part to combine parts
  MimeMultipart multipart = new MimeMultipart("related");
  //attach a pdf
  messageBodyPart = new MimeBodyPart();
  fds = new FileDataSource("h:/something.pdf");
  messageBodyPart.setDataHandler(new DataHandler(fds));
  messageBodyPart.setFileName(fds.getName());
  multipart.addBodyPart(messageBodyPart);
  //add multipart to the message
  message.setContent(multipart);
  //send message
  Transport.send(message);

• How to set security for output merged PDF?

  If you wan to to set password or other security for your output merged PDF, how to do? there is the tutorial:http://www.kvisoft.com/tutorials/how-to-set-security-merged-pdf.html

  If you have a credit card, add it to your account, then you'll just be asked to verify your CVV code instead. You can remove it after.