Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-7095980

Ensure HttpURLConnection (and supporting APIs) don't expose HttpOnly cookies

XMLWordPrintable

    • Icon: Enhancement Enhancement
    • Resolution: Fixed
    • Icon: P2 P2
    • 8
    • 7
    • core-libs
    • None
    • b19
    • generic
    • generic
    • Verified

        Once CR 7077220 is fixed the Plugin CookieHandler may be able to retrieve HttpOnly cookies from the browsers cookie store. This CR is concerned with ensuring HttpOnly cookies are not accessible to application code ( trusted or untrusted ).

        HttpOnly cookies should only be accessible to the HTTP client implementation, so that they can be used in HTTP requests, and NOT anywhere else.

              chegar Chris Hegarty
              chegar Chris Hegarty
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Created:
                Updated:
                Resolved:
                Imported:
                Indexed: