Turn on the HttpOnly flag for session cookies within WebLogic for the Empirica Healthcare Analysis software

Using the HttpOnly flag when generating a cookie helps mitigate the risk of a client-side script accessing the protected cookie.

Perform these steps on the application server.

To turn on the HttpOnly flag for session cookies:

  1. Navigate to the following directory:

    $INSTALL_DIR/Healthcare/WEB-INF

  2. Open the weblogic.xml file, and scroll to the <session-descriptor> section.
  3. If the section does not contain the following element, add the element:

    <wls:cookie-http-only>true</wls:cookie-http-only>

Note: When the flag is turned on, users must use Microsoft Internet Explorer 8 or later and Java 7 or later to view single-patient and multi-patient timelines as applets. Users running older releases should deselect the Display Patient Timelines as applets user preference. Alternatively, you can deselect the Enable User Preference to display Patient Timelines as applet site option, which turns off the applet viewing mode for all users.
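The check in step 3 can be scripted to audit a deployment after the change. This is an added example, not Oracle's code: the function names and sample descriptors are constructed for illustration, and the namespace URI bound to the `wls` prefix in the samples is an assumption about the descriptor (the check itself matches on element names only, so it works with whatever prefix the file uses).

```python
import sys
import xml.etree.ElementTree as ET

def local(tag):
    """Drop the '{namespace}' part so any prefix bound to the element works."""
    return tag.rsplit("}", 1)[-1]

def http_only_status(xml_data):
    """Classify a weblogic.xml document passed as str or bytes."""
    root = ET.fromstring(xml_data)
    descriptors = [e for e in root.iter() if local(e.tag) == "session-descriptor"]
    if not descriptors:
        return "no-session-descriptor"
    for descriptor in descriptors:
        for child in descriptor:
            if local(child.tag) == "cookie-http-only":
                # Only an explicit "true" counts as enabled.
                value = (child.text or "").strip().lower()
                return "enabled" if value == "true" else "disabled"
    return "missing"  # the case in which step 3 says to add the element

# Constructed sample descriptors (not taken from a real installation).
_NS = 'xmlns:wls="http://xmlns.oracle.com/weblogic/weblogic-web-app"'
_TEMPLATE = """<wls:weblogic-web-app {ns}>
  <wls:session-descriptor>
    <wls:timeout-secs>1800</wls:timeout-secs>{extra}
  </wls:session-descriptor>
</wls:weblogic-web-app>"""
_FLAG = "\n    <wls:cookie-http-only>{value}</wls:cookie-http-only>"
SAMPLE_ON = _TEMPLATE.format(ns=_NS, extra=_FLAG.format(value="true"))
SAMPLE_OFF = _TEMPLATE.format(ns=_NS, extra=_FLAG.format(value="false"))
SAMPLE_MISSING = _TEMPLATE.format(ns=_NS, extra="")

if __name__ == "__main__":
    if len(sys.argv) > 1:
        # Usage: python check_httponly.py $INSTALL_DIR/Healthcare/WEB-INF/weblogic.xml
        with open(sys.argv[1], "rb") as fh:
            status = http_only_status(fh.read())
        print(f"{sys.argv[1]}: {status}")
        sys.exit(0 if status == "enabled" else 1)
    for name, doc in (("on", SAMPLE_ON), ("off", SAMPLE_OFF), ("missing", SAMPLE_MISSING)):
        print(name, http_only_status(doc))
```

The script exits non-zero for any status other than `enabled`, so it can gate a deployment or configuration audit job.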

Copyright © 2013, 2015 Oracle and/or its affiliates. All rights reserved.