P4
RFC 6265 defines HTTPOnly cookies as follows:
"The HttpOnly attribute limits the scope of the cookie to HTTP
requests. In particular, the attribute instructs the user agent to
omit the cookie when providing access to cookies via "non-HTTP" APIs
(such as a web browser API that exposes cookies to scripts)."
However, the current java.net.CookieHandler interface does not seem to be designed for use by such "non-HTTP" APIs, in that it does not provide a clear mechanism to omit HTTPOnly cookies when accessing cookies via CookieHandler.get() and .set().
This is becaming a problem for the JavaFX WebView control, which effectively acts as a web browser and thus needs to be able to omit HTTPOnly cookies when passing cookies to and from the scripts running inside web pages.
"The HttpOnly attribute limits the scope of the cookie to HTTP
requests. In particular, the attribute instructs the user agent to
omit the cookie when providing access to cookies via "non-HTTP" APIs
(such as a web browser API that exposes cookies to scripts)."
However, the current java.net.CookieHandler interface does not seem to be designed for use by such "non-HTTP" APIs, in that it does not provide a clear mechanism to omit HTTPOnly cookies when accessing cookies via CookieHandler.get() and .set().
This is becaming a problem for the JavaFX WebView control, which effectively acts as a web browser and thus needs to be able to omit HTTPOnly cookies when passing cookies to and from the scripts running inside web pages.
- relates to
-
JDK-7038890 CookieHandler.getDefault().get() with "javascript:" URI hangs or otherwise works incorrectly
-
- Closed
-