Loading...

XML

Word

Printable

Details

Type: Enhancement
Resolution: Fixed
Priority: P3
Fix Version/s: 7u4
Affects Version/s: 6u7, 6u23, 6u24, 6u37, 7
Component/s: deploy
Labels:
- CAP
- cap-7u4

Subcomponent:
plugin
Resolved In Build:
b05
CPU:

generic, x86
OS:

generic, windows, windows_xp
Verification:
Verified

Backports

Issue	Fix Version	Assignee	Priority	Status	Resolution	Resolved In Build
JDK-2217749	8	Dennis Gu	P3	Resolved	Fixed	b18

Description

In the applet mode, the CookieHandler.getDefault().put() call appears to ignore HttpOnly cookies. For example, if the applet calls CookieHandler.getDefault().put() with two cookies, one with HttpOnly attribute and one without the HttpOnly attribute and then immediately calls CookieHandler.getDefault().get() for the same URI, only the cookie without the HttpOnly attribute is returned. See the attached example. This happens in both IE8 and Firefox 3.6.18.

This issue causes problems with the https://www.google.com/accounts/ServiceLogin service, which makes use of HttpOnly cookies. Specifically, this issue appears to be the root cause for http://javafx-jira.kenai.com/browse/RT-15676

Example applet code:

public class CookieTest extends JApplet {

    private JTextArea textArea;

    @Override
    public void init() {
        try {
            SwingUtilities.invokeAndWait(new Runnable() {
                @Override public void run() {
                    setLayout(new BorderLayout());

                    JButton button = new JButton("Test");
                    button.addActionListener(new ActionListener() {
                        @Override public void actionPerformed(ActionEvent e) {
                            test();
                        }
                    });
                    add(button, BorderLayout.NORTH);

                    textArea = new JTextArea();
                    add(textArea, BorderLayout.CENTER);
                }
            });
        } catch (Exception e) {
            System.err.println("createGUI didn't complete successfully");
        }
    }

    private void test() {
        try {
            CookieHandler handler = CookieHandler.getDefault();

            URI uri = new URI("https://www.google.com/accounts/ServiceLogin");

            Map<String, List<String>> headers =
                    new HashMap<String, List<String>>();
            headers.put("Set-Cookie", Arrays.asList(
                    "FOO=BAR;HttpOnly","ABC=XYZ"));

            handler.put(uri, headers);
            textArea.append("put: " + headers + "\n");

            headers = handler.get(uri, new HashMap<String, List<String>>());
            textArea.append("got: " + headers + "\n");
        } catch (Exception ex) {
            textArea.setText("Error, consult Java console for more info");
            ex.printStackTrace(System.err);
        }
    }
}

Expected output (in the text box next to the "Test" button):

    put: {Set-Cookie=[FOO=BAR;HttpOnly, ABC=XYZ]}
    got: {Cookie=[FOO=BAR, ABC=XYZ]}

Actual output:

    put: {Set-Cookie=[FOO=BAR;HttpOnly, ABC=XYZ]}
    got: {Cookie=[ABC=XYZ]}

Attachments

Issue Links

backported by

JDK-2217749 Plugin CookieHandler ignores HttpOnly cookies

Resolved

duplicates

JDK-6890023 Network: Cookies marked HttpOnly not included in URLConnection requests

Closed

relates to

JDK-7038890 CookieHandler.getDefault().get() with "javascript:" URI hangs or otherwise works incorrectly

Closed

JDK-7196513 Java is unable to read httponly cookies in Firefox/Chrome

Closed

JDK-7095980 Ensure HttpURLConnection (and supporting APIs) don't expose HttpOnly cookies

Closed

Activity

People

Assignee:: Dennis Gu (Inactive)

Reporter:: Vasiliy Baranov (Inactive)

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 2011-08-10 04:12

Updated:: 2012-01-24 08:44

Resolved:: 2012-01-16 06:39

Imported:: 18/Sep/12 12:09 AM

Indexed:: 07/Sep/12 2:44 AM