Setting secure cookie in iPlanet

Hi All,
I would like to set the JSESSIONID cookie as Secure. I read the product documentation for iPlanet Web Server 6.0 and it suggests using the session-cookie in web-apps.xml. I tried modifying the file as follows and restarting the server:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE vs PUBLIC "-//Sun Microsystems, Inc.; iPlanet//DTD Virtual Server Web Applications 6.0//EN"
     "http://developer.iplanet.com/webserver/dtds/iws-webapps_6_0.dtd">
<vs>
<session-cookie is-secure="true"/>
</vs>
Unfortunately, it doesn't work; the JSESSIONID is still not a Secure cookie. Does anyone have a solution for this? Thanks in advance.
-Wallace

I face the same problem. Please let me know as well.

Similar Messages

  • Setting secure flag on weblogic (5.1) session cookie.

    Hello All,
    I need to set the secure flag on the weblogic session cookie. I am not able to find any property in the weblogic.properties file to set the secure flag for the session cookie.
    Does anybody have any idea how to achieve this?
    Thanks
    Nitin

    The best way to reduce GC is to change your application to use less memory. Serious.
    There are a number of JVM options for GC. I can't tell you what will work best
    for your application.
    25 seconds is way too long for a GC. Is the OS paging? You may wish to invest
    in additional memory.
    Mike Reiche
    vijendran <[email protected]> wrote:
    Hi,
    I am running a load test which will simulate 100 users. when i tried
    to simulate i found that GC is happening often even though i set the
    heap to 512 MB, and sometimes it takes up to 25 secs for a
    GC to complete. Please advise on how to increase the performance for
    more number of users (without clustering weblogic) and to avoid GC happening
    often.
    Regards
    Vijendran

  • Making secure cookies with cfscript

    With the ability to make components in CF9, I thought we would get the ability to make cookies via cfscript.  Am I missing something or is this still not available?

    Haha.  I do have a tendency to over complicate things. This is only half the story though, the importance of setting the "secure" flag is not for the server, but for the client browser.
    You can set a cookie in SSL and have it not be secure.  It doesn't "secure" the cookie by default.  As soon as the page is rendered unencrypted the client will share that cookie information with the server.  A secure cookie will not be shared by the client unless the connection is secure (and domain/path is matched). 
    Hence, simply setting a cookie under SSL does not suffice as a secure scenario.   Read more here : http://resources.enablesecurity.com/resources/Surf%20Jacking.pdf Particularly page 3. PCI security compliance companies will say during an audit that all cookies must be marked as "secure" in addition to the use of SSL.
    What is frustrating about ColdFusion is that by default the JSESSIONID is not marked as "secure" even when using SSL.  So either you manually do this upon request (which can be problematic as it is publishing the unsecure cookie first) or modify the jrun-web.xml in WEB-INF with the following:
    <session-config>
      <cookie-config>
        <cookie-secure>true</cookie-secure>
      </cookie-config>
    </session-config>
    Returning to my original rant, I'm hoping Adobe (great job on CF9 btw!!) will eventually have all of the tags available via cfscript. 

  • "Don't allow sites that set removed cookies to set future cookies"

    I'm having a problem shopping and/or logging onto esteelauder.com (a site I have shopped from for years). Their tech folks indicated the problem appears to be with cookies and I should make sure that "Don't allow sites that set removed cookies to set future cookies" is not marked. I cannot find this in FF 3.6.15. I have removed all cookies related to this web site, but the problem still exists. I went to another computer to make sure it was not the web site, and was able to add items to the cart and log on with no problem. I am using a PC with Windows 7. This problem has just shown up in the last couple of weeks and so far only appears to be on this web site.

    * You can see the permissions for the domain in the current tab in Tools > Page Info > Permissions
    * Create an allow cookie exception (Tools > Options > Privacy > Cookies: Exceptions) to keep such a cookie, especially for secure websites and if cookies expire when Firefox is closed.
    * In Private Browsing mode all cookies are session cookies that expire if that session is ended, so websites won't remember you.
    * Do not use Clear Recent History to clear the "Cookies" and the "Site Preferences"
    Clearing "Site Preferences" clears all cookies, images, pop-up windows, software installation, and password exceptions.
    * http://kb.mozillazine.org/Cookies
    * http://kb.mozillazine.org/Websites_report_cookies_are_disabled
    If clearing the cookies doesn't help then it is possible that the file cookies.sqlite that stores the cookies is corrupted.
    Rename (or delete) cookies.sqlite (cookies.sqlite.old) and delete cookies.sqlite-journal and cookies.txt, if they exist, in the Profile Folder (http://kb.mozillazine.org/Profile_folder_-_Firefox) in case the file cookies.sqlite got corrupted.

  • Secure cookie not supported by XSQL Servlet

    Secure cookies are not supported by the XSQL engine.
    The "set-cookie" that delivers writes "plain text" cookies on the client site.
    Since these cookies could contain relevant information (e.g. oracle username/password credentials) and since these could not be removed from application side, it is crucial that XSQL provides support for secure cookies.
    Any patch / comment is appreciated.

    Hi Andrea,
    This is more of an issue for BC-JAS-WEB than the UWL....
    I have seen only a few other messages that are quite similar to this:  Could you please check the following:
    Is ICM being used? 
    It is possible that the http stream is corrupted.
    There are some known issues between ICM and J2EE that can cause this
    kind of behaviour. 
    Please review SAP notes 1048692 and 1068501 which
    provide 2 different ways to solving the issue (update the SP level or
    patch the http and server_jsp components).
    If ICM is not used, then please check if there is some other proxy
    between J2EE and the client.  For testing, try requesting J2EE
    directly, bypassing any network devices or proxies and check if the
    issue occurs.
    Best Regards,
    Beth Maben
    EP - Senior Support Consultant
    AGS Primary Support, Business Suite & Technology
    Please see the UWL Wiki @
    https://www.sdn.sap.com/irj/scn/wiki?path=/display/bpx/uwl+faq

  • Not able to set security group without mail enabled as site collection admin using powershell in sharepoint online site - office 365

    not able to set security group without mail enabled as site collection admin using powershell in sharepoint online site - office 365?
    Any idea?

    After a few days of testing in my lab, I can see that only an email-enabled group can be added as site collection admin using PowerShell.
    Hope this helps anyone who is stuck like me!! :-)

  • Failed to set security on SQL Server registry key. Error: 2

    Hi,
    I have a Primary site (mixed mode) running SCCM 2007 SP1 for many months now with no issues.
    This site is made up of two Win 2008 sp2 servers sharing the SCCM roles:-
    SCCM01 - Site server, DP, RP, PXE and SQL2005 hosting the SCCM database
    SCCM02 – SUP, MP, FSP, SLP
    The SQL2005 on SCCM01 is running under a domain service account called
    domain\service_sccm which is also a sysadmin in SQL as is the SCCM02 server.
    In an effort to resolve the issue I have made this account a Domain Admin.
    I have also used this account to log onto SEC01 to run the Secondary Site installation and to be the SQL Service account.
    I'm now trying to add a Secondary Site on a Domain Controller called SEC01 (also Win2008 sp2) and on the same LAN as the SCCM01/02.
    This is where I get problems.
    I run the installation locally on the Sec Site server (DC) as a Domain Admin and the installation completes OK (all green ticks),
    the ComponentSetup.log and Pre-Reqs are all good as well however when I check the ConfigMgrSetup.log I see the below -
    Failed to set security on SQL Server registry key. Error: 2.
    <11-09-2010 22:46:59> SMS Setup full version is 4.00.6221.1000
    <11-09-2010 22:46:59> Successfully set security on Setup registry key.
    <11-09-2010 22:46:59> Failed to set security on SQL Server registry key. Error: 2
    <11-09-2010 22:46:59> Successfully set security on Identification registry key.
    <11-09-2010 22:46:59> Creating SMS Inbox Source registry key ...
    <11-09-2010 22:46:59> Installing SMS Site Component Manager ...
    <11-09-2010 22:46:59> Installing Site Component Manager under acct <NT AUTHORITY\SYSTEM> path <C:\Program Files (x86)\Microsoft
    Configuration Manager\bin\i386\sitecomp.exe>
    <11-09-2010 22:47:01> Started Site Component Manager service
    <11-09-2010 22:47:01> SMS Site Component Manager installation completed.
    <11-09-2010 22:47:01> Done with service installation
    Adding the PMP role to SEC01 also fails to install and no MPSetup or MPControl logs are created.
    WebDav and win2008 roles, features all added and server fully patched.
    Despooler.log on SCCM01 seems good and passing keys.
    Tried installing to default path and to shortened path such as C:\SCCM
    The new secondary site is listed in the console and an address can be added for the Secondary Site
    BITS Server Extensions and Remote Differential Compression Features are enabled.
    The Group memberships all appear ok:-
    SCCM01
    Local Admins    
    contains the sec site server SEC01, SCCM01, installation accounts
    SMS_SiteToSiteConnection_001              
    SEC01 (the sec site server)
    SMS_SiteSystemToSiteServerConnection_001                 
    SCCM02
    SEC01
    No Local Admins as a DC
    SMS_SiteToSiteConnection_002              
    SCCM01
    SMS_SiteSystemToSiteServerConnection_002     
    empty
    SQL 2005
    This has the account logged in during installation as a sysadmin
    SCCM02 is also sysadmin
    The fundamental issue appears to be that the SEC01$ server account is not being added to SQL Logins (and therefore SCCM database Roles)
    therefore the installation cannot complete.
    I have tried to manually add the SEC01 account to SQL Logins before installation of Sec Site but this did not work.
    Not sure if the fact that SEC01 is a DC may be a factor.
    Appreciate any help if anyone has seen this before or can suggest a resolution.
    Thanks

    After a lot of digging around and head scratching I eventually found the resolution.
    The original thread title Error turned out to be a bit of a red herring in that my failure to deploy Sec Sites came down to two separate issues seemingly unrelated to the error message of the thread title.
    The first part of the resolution was to manually create the SQL Server accounts for the Sec Site Servers and assign them to the smsdbrole_MP DB role to
    let the SQL side of the SCCM install complete as these were not being created automatically.
    This then left the fact that the installation of the Sec Site completed successfully according to the install logs in C:\ however the DP and MP would
    never install.
    The big clue was eventually contained in the mpfdm.log errors relating to
    **ERROR: Cannot find path for destination inbox SMS_AMT_PROXY_COMPONENT on server REGISTRY SMS_MP_FILE_DISPATCH_MANAGER 
    and
    **ERROR: Cannot find path for destination inbox Asset Intelligence KB Manager on server REGISTRY SMS_MP_FILE_DISPATCH_MANAGER 
    Thankfully the errors led me to these two blogs:
    http://myitforum.com/cs2/blogs/scassells/archive/2009/07/20/error-cannot-find-path-for-destination-inbox-sms-amt-proxy-component-on-server-registry.aspx
    and
    http://social.technet.microsoft.com/Forums/en-US/configmgrsetup/thread/5fcc53d4-8629-4b34-9eaa-6cb020eedc13/
    As it turned out the SCCM installation registry and folder creation does not complete and I had to manually enter the reg settings as detailed in the
    links above to complete the installation. Once I did as described everything worked a treat – all my MPs and DPs are 100% now.
    Solutions
    Add the following reg keys to each of your affected secondary sites.
    Inbox Fix
    Windows Registry Editor Version 5.00
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SMS\MPFDM\Inboxes]
    "Asset Intelligence KB Manager"="E:\\Program Files\\Microsoft Configuration Manager\\inboxes\\AIKbMgr.box"
    "SMS_AMT_PROXY_COMPONENT"="E:\\Program Files\\Microsoft Configuration Manager\\inboxes\\amtproxy.box" 
     Asset Intelligence fix:
     Note: you will need to identify the next largest key value. 
    In my example it was key 49
     Windows Registry Editor Version 5.00
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SMS\Inbox Source\Inbox Definitions\49]
    "Inbox Name"="Asset Intelligence KB Manager"
    "Relative Path"="inboxes\\AIKbMgr.box"
    "NAL Path"=""
    "User Rights"=dword:00000000
    "Service Rights"=dword:00000004
    "Monitoring Enabled"=dword:00000001
    "Location Type"=dword:00000001
    "Guest Rights"=dword:00000001
    AMT registry Fix.
      Note: you will need to identify the next largest key value. 
    In my example it was key 50
    Windows Registry Editor Version 5.00
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SMS\Inbox Source\Inbox Definitions\50]
    "Inbox Name"="SMS_AMT_PROXY_COMPONENT"
    "Relative Path"="inboxes\\amtproxy.box"
    "NAL Path"=""
    "User Rights"=dword:00000000
    "Service Rights"=dword:00000004
    "Monitoring Enabled"=dword:00000001
    "Location Type"=dword:00000001
    "Guest Rights"=dword:00000001
    Big thanks to Shaun Cassells and John Marcum for these blogs

  • How to set security group as primary site collection admin and secondary site collection admin using powershell in sharepoint online site - office 365?

    How to set security group as primary site collection admin and secondary site collection admin using powershell in sharepoint online site - office 365?

    Hi,
    According to your description, my understanding is that you want to set security group as admin of primary and secondary site collection using PowerShell command in office 365.
    I suggest you can use the command below to set the group to site owner, then it will have the site collection admin permission.
    Set-SPOSite -Identity https://contoso.sharepoint.com/sites/site1 -Owner [email protected] -NoWait
    Here are some detailed articles for your reference:
    https://technet.microsoft.com/en-us/library/fp161394(v=office.15)
    http://blogs.realdolmen.com/experts/2013/08/16/managing-sharepoint-online-with-powershell/
    Thanks
    Best Regards
    Jerry Guo
    TechNet Community Support

  • Setting the cookies value

    Hi,
    When I submit the page I'm able to set the cookie value. I'm not getting any messages. But at the same time, when I call the procedure with parameters from the URL I'm not able to store the cookie value.
    It displays a message like this and the value is not stored in the cookie:
    Content-type: text/html Set-Cookie: emp_no=9999X; path=/;
    my code is :
    owa_util.mime_header('text/html',FALSE);
         owa_cookie.send('emp_no',UPPER(lv_emp_no),null,'/',null,null);
    owa_util.http_header_close;
    How do i solve this problem?
    Thanks

    Hi,
    Here are a couple of things you can try:
    1) remove the following line because it shouldn't be necessary:
    the_cookie.num_vals :=0;
    2) remove the following line because the owa_cookie.send will automatically replace any existing cookie:
    owa_cookie.remove('emp_no',the_cookie.vals(1),null);
    3) try capturing the cookie value in a local variable and printing it (after htp.body, of course) to see if it is working correctly.
    4) enable the browser to prompt you when a cookie is being set so that you can verify whether it is being set or not.
    HTH,
    Ashesh Parekh
    Oracle9iAS Product Management
    hi,
    Something like this...
    Code
    PROCEDURE checkLogin ( emp_no in varchar2 default NULL) IS
      pv_check_f  BOOLEAN ;
      the_cookie  owa_cookie.cookie;
    BEGIN
      pv_check_f := FUN_EMP_PASSWORD(UPPER(emp_no) ) ;
      IF NOT pv_check_f THEN
        v_msg := 'Sorry Log on denied';
        RAISE EMP_ERROR;
      END IF ;
      the_cookie.num_vals :=0;
      the_cookie:= owa_cookie.get('emp_no');
      if the_cookie.num_vals= 0 then
        owa_util.mime_header('text/html',FALSE);
        owa_cookie.send('emp_no',UPPER(emp_no),null,'/',null,null);
        owa_util.http_header_close;
      else
        owa_util.mime_header('text/html',FALSE);
        owa_cookie.remove('emp_no',the_cookie.vals(1),null);
        owa_cookie.send('emp_no',UPPER(emp_no),null,'/',null,null);
        owa_util.http_header_close;
      end if;
      htp.p('<script language="javascript">
    window.location="http://www...URL";
    </script>');
      htp.formclose;
    EXCEPTION
      WHEN EMP_ERROR THEN
        Pageheader;
        Procedurename.Banner('Login denied');
        htp.fontOpen('red','Arial Narrow');
        htp.header(3,lv_msg);
        loginagain;
        htp.fontClose;
        htp.centeropen;
        htp.br;
        htp.p('<INPUT type="button" value="Back" onClick="history.back()">');
        htp.br;
        htp.centerclose;
        pagefooter;
    END checkLogin;
    Calling the procedure "checklogin" with the parameter emp_no from the URL like this
    "http://....:8810/dir/Packname.checkLogin?emp_no=9ABCDS".
    Waiting for your reply.
    Thanks.

  • Combine functionality Batch Create Multiple files and Set Security

    Greetings,
    Is there any way to combine the functionality of Acrobat Pro’s “Batch Create Multiple Files” (File (drop down) -> Create PDF -> Batch Create Multiple Files…) and running a batch process (Advanced -> Document Processing -> Batch Processing -> Batch Sequences -> Set Security)?
    Ideally I’d like to either:
    1)      Add the “Set Security” batch process to the “Batch Create Multiple Files … command located under the File (drop down) -> Create PDF
    or
    2)      Be able to create a batch process that first allows me to select the documents (Word, Excel, etc.) I want to convert into PDF files, then converts them, then runs the Set Security batch process.
    Right now it isn’t too much trouble to first “Create Multiple Files…” then run the batch process Set Security, but it would be nice to be able to do both with a single command.
    Any suggestions?
    Thank you,
    TPK

    I have uploaded the files and shared them.  These are the links
    Grade 11 Maths Standardisation Project Paper 2 2013.doc
    https://files.acrobat.com/preview/9694310d-ca7f-4919-883d-c53b36215d89
    Grade 11 Maths Standardisation Project Paper 2 Analysis Grid 2013.doc
    https://files.acrobat.com/preview/97da9e5f-d412-4d25-9bbc-d1a525d90826
    Grade 11 Maths Standardisation Project Paper 2 Diagram Sheet 2013.doc
    https://files.acrobat.com/preview/f50dd62e-af04-4060-85c5-fa81ce6803d8
    Grade 11 Maths Standardisation Project Paper 2 Formula Sheet 2013.doc
    https://files.acrobat.com/preview/7fc6007b-aaa6-4d65-9a8c-bf99818474a5
    Grade 11 Maths Standardisation Project Paper 2 Marking Guidelines 2013.doc
    https://files.acrobat.com/preview/b3a715bb-3683-48df-b0ec-3d17442275be
    Grade 11 Maths Standardisation Project Paper I Analysis Grid 2013.docx
    https://files.acrobat.com/preview/ab62e6b6-0261-434e-8a2f-382f74335685
    The first file is the problem file.  If you create this file separately, Acrobat will convert it perfectly.  But "Batch create multiple files" and the graphics are deconstructed on page 8

  • Setting identical cookie names on a response

    WebLogic Server 6.1 SP2 running on NT 4.0 SP6
    We need to use a non-persistent cookie as a persistence mechanism to store session information when a user browses on multiple pages. The cookie may be set multiple times on the same page using the same response (since the request can be shared by multiple jsp's included in the page).
    I am noticing that when we set multiple cookies with identical name on the same response - the most recent cookie which stores the most updated information ISN'T necessarily the one which gets set.
    This functionality is critical for our application's session management and because of that problem we can't have a reliable way to set a cookie multiple times within the same page (again - essential in our case).
    Here is a simple test case that contains 2 jsp's that demonstrate the problem. You can place them in the web root and invoke the first one - set_cookie.jsp. Subsequently invoke second jsp get_cookie.jsp and you will see that the most recent set value ISN'T the one that is read from the cookie.
    Thanks in advance
    Ari [email protected]
    get cookie code jsp follows (apparently can attach only one file)
    yields the first cookie set and not the last one.
    [set_cookie.jsp]
              

              Sorry for the multiple postings (an error)
              Here is the check_cookies.jsp
              TIA
              Ari
              [check_cookie.jsp]
              

  • How to set the cookie or session of one domain to another domain

    Hi,
    I am using tomcat server. I am facing an issue of session loss when I am moving from one domain to another domain.
    e.g. http://mydomain.com/ to http://a.mydomain.com.
    Is there any way to set the cookie or same session to sub domain in tomcat.
    Please help me. I will be highly obliged.

    a tutorial from JavaWorld
    http://www.javaworld.com/javaworld/jw-01-2001/jw-0126-servlets.html?page=1

  • How to set a cookie in the browser from an html page called via an Iview

    How to set a cookie in the browser from an html page called via an Iview
    Hello all,
    I have an issue which is causing problems. I have a snap survey (html form with submit and cookie setting) which is embedded in a url iview.
    Although the submit and the form work fine, the portal will not allow the cookie to be set it seems.
    Is there a way to allow cookies to be set from an embedded page in a url iview??
    You will make my day if you know!
    System: EP7 SP13
    Kind regards
    Alex

    Hi,
    Check this:
    http://www.oracle.com/technology/products/ias/portal/html/same_cookie_domain_with_pdkv2.html
    Cookie Basics
    Web browsers have built in rules for receiving and sending cookies. When a browser makes a request to a web server and the web server returns cookies with the response, the browser will only accept a cookie if the domain associated with the cookie matches that of the original request. Similarly, when a browser makes a subsequent request, it will only send those cookies whose domain matches that of the target web server.
    These rules are designed to ensure that information encoded in cookies is only "seen" by the web server(s) that the originator of the cookie intended. These rules also ensure that the cookie cannot be corrupted or imitated by another server. By default, the domain associated with a cookie exactly matches that of the server that created it. However, it is possible to modify the domain at the time the cookie is created. Relaxing the cookie domain increases the scope of the cookie's visibility making it available to a wider "audience" of web servers.
    For example, if a cookie is created by a.us.oracle.com, its domain will usually be set to a.us.oracle.com. This means that the browser will only send the cookie to a.us.oracle.com. It will never send it to any other servers. However, if at the time of creation, the domain of the cookie is set to .us.oracle.com, the browser will send the cookie to any server whose domain falls within .us.oracle.com, such as portal.us.oracle.com, provider.us.oracle.com, app.us.oracle.com, etc.
    Regards,
    Praveen Gudapati
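The domain rules quoted in the reply above, worked through as an added example that is not part of the original post. It follows the RFC 6265 domain-match rule; the host list is constructed from the reply's own examples plus two look-alike names, and the public-suffix check that real browsers also apply is left out.

```python
# Added example: which hosts receive a cookie, depending on its Domain attribute.
import ipaddress

# Constructed host list: the reply's examples plus two names that only
# look similar to us.oracle.com and must never receive the cookie.
HOSTS = [
    "a.us.oracle.com",
    "portal.us.oracle.com",
    "provider.us.oracle.com",
    "app.us.oracle.com",
    "notus.oracle.com",
    "us.oracle.com.example.test",
]


def is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def domain_match(host, cookie_domain):
    """RFC 6265 section 5.1.3: identical, or a dot-delimited suffix of a hostname."""
    host, cookie_domain = host.lower(), cookie_domain.lower()
    if host == cookie_domain:
        return True
    return host.endswith("." + cookie_domain) and not is_ip(host)


def store_cookie(setting_host, domain_attr=None):
    """Return (domain, host_only) as the browser would store it, or None.

    No Domain attribute: the cookie is host-only (the default described above).
    With a Domain attribute: one leading dot is ignored, and the cookie is
    rejected unless the setting host itself falls inside that domain.
    Assumption: the public-suffix check is omitted in this sketch.
    """
    host = setting_host.lower()
    if not domain_attr:
        return host, True
    domain = domain_attr.lower()
    if domain.startswith("."):
        domain = domain[1:]
    if not domain_match(host, domain):
        return None
    return domain, False


def would_send(stored, request_host):
    """Decide whether a stored cookie accompanies a request to request_host."""
    if stored is None:
        return False
    domain, host_only = stored
    if host_only:
        return request_host.lower() == domain
    return domain_match(request_host, domain)


def recipients(setting_host, domain_attr, hosts=HOSTS):
    """List the hosts that would receive the cookie."""
    stored = store_cookie(setting_host, domain_attr)
    return [h for h in hosts if would_send(stored, h)]


if __name__ == "__main__":
    print("host-only:", recipients("a.us.oracle.com", None))
    print("relaxed:  ", recipients("a.us.oracle.com", ".us.oracle.com"))
```

The relaxed cookie reaches every server under the wider domain, so a session cookie scoped that way is exposed to each of those applications.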

  • How to set HTTP cookie ORA_adf_viewScope

    Hi,
    I'm recording ADF page navigation using LoadRunner. From the browser, I see that one POST request sets http cookie ORA_adf_viewScope and the subsequent GET submits this cookie as part of the HTTP header. I don't see this cookie from any of the page source. LoadRunner is not able to record this cookie as well. Hence when I replay LR script, the GET request returns wrong page.
    Does anyone know how to set this cookie?
    Thanks,
    Tong
    Edited by: user708470 on Jun 18, 2009 12:07 PM

    I believe it is possible since axis adapter provides very same functionality. Let me summarize my scenario may be it helps:
    I am trying to call a series of webservices, let's say in a BPM. The first service (login service) will provide me with a session id (in the http header with key Set-Cookie), then I will call another service which has that session id in its http header with key cookie, then I am going to log out. So I am testing the second part now, but it doesn't let me send the cookie http header parameter.
    I hope I clarified a bit more my problem.
    Regards,

  • Can you set security on Collab folders or just projects?

    I know this is the Content Services forum, but I couldn't find a forum for Collab. Anyone know if you can set security to the folder level in Collab 4.0.2 or can you only set it to the project level?

    thanks for the clarification...there is no concept of setting security on actual project folders. Security is managed on an individual project basis.
