Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-6873543

CookieManager doesn't enforce httpOnly

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Fixed
    • Icon: P4 P4
    • 7
    • 7
    • core-libs
    • None
    • b77
    • generic
    • generic

      java.net.CookieManager, the default CookieHandler, doesn't enforce the httpOnly tag.
      Cookies that are tagged with "httpOnly" should only be returned when the intended use if transmission over http or https. I.E. when the scheme of the URI passed in get() is http or https.

            jccollet Jean-Christophe Collet (Inactive)
            jccollet Jean-Christophe Collet (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

              Created:
              Updated:
              Resolved:
              Imported:
              Indexed: