java.net.CookieManager, the default CookieHandler, doesn't enforce the httpOnly tag.
Cookies that are tagged with "httpOnly" should only be returned when the intended use if transmission over http or https. I.E. when the scheme of the URI passed in get() is http or https.
Cookies that are tagged with "httpOnly" should only be returned when the intended use if transmission over http or https. I.E. when the scheme of the URI passed in get() is http or https.
- relates to
-
JDK-6865629 Backport JDK 7 Cookie fixes to JDK 6
-
- Closed
-