We have an appllication using OC4J stand alone (10.1.3.5).
We notice sometimes there is JsessionID is attached to URL. When we do security test, we found there are authenticate cookies presented. we don't set cookies in our application. After reading documents, I know those session cookies are automatically generated once a request is initiated. Then, how do I set those cookies as secured cookieds and nobody uses it to attack out site?