IBM Support

Securing JSESSIONID cookie for the admin console

Technote (troubleshooting)


The Admin console leverages the JSESSIONID cookie to keep session state without using the cookie secure flag. If an installation wishes to enable the secure flag on the JSESSION Cookie, the following procedure can be used.

Resolving the problem

A script is provided to enable the secure flag for the administrative console. This is being provided in as script as in order to enable. Run the enable to enable the secure flag on the JSESSION Cookie for the administrative console. This change will restart the administrative console application immediately on completion of the script. Please insure that the no updates are being made using the console when the script is run.

1) Run the script as follow:

wsadmin -lang jython -user xxxx -password xxxx -f enable

2) After running this script, the defaultCookieSetting secure flag is set to true in the
<defaultCookieSettings xmi:id="Cookie_xxxxxx" domain="" maximumAge="-1" path="/ibm" secure="true"/>

3) restart dmgr

Document information

More support for: WebSphere Application Server
Administrative Console (all non-scripting)

Software version: 6.1, 7.0, 8.0, 8.5

Operating system(s): AIX, HP-UX, IBM i, Linux, Solaris, Windows, iOS, z/OS

Software edition: Advanced, Base, Developer, Enterprise, Express, Network Deployment, Single Server

Reference #: 1661738

Modified date: 17 February 2014

Translate this page: