-
Bug
-
Resolution: Duplicate
-
P4
-
7
-
x86
-
windows_2008
FULL PRODUCT VERSION :
java version "1.7.0_07"
ADDITIONAL OS VERSION INFORMATION :
Microsoft Windows [Version 6.1.7601]
A DESCRIPTION OF THE PROBLEM :
We are using JavaFX's webview in our Swing application to provide rich, cross-platform browsing capabilities. Some of the URL's we need to display require the user to be authenticated. Typically, this will involve using 'HttpOnly' cookies. We have found that Java 7u7 is unable to read these cookies when running in Firefox or Chrome, usually resulting in the user being redirected to the relevant login url. IE8+ appears to behave correctly, as suggested by delivered BugIDs 7077220 and 2217749. These bugs mention that FF/Chrome remain unresolved and tags a new bugID 7116429 to resolve, however this bug cannot be found in the (public) Bug database, and based on our observations, remains unresolved.
STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
Setup a simple java application using JavaFX and WebView. Navigate to a page expecting a httpOnly cookie. Observe (using Fiddler or some other sniffer) that the cookies are not being made available to Java in FF/Chrome. Run the applet in IE. Observe that the cookies is made available as expected.
EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
httpOnly behaviour should be the same across browsers.
ACTUAL -
Firefox/Chrome behave differently to IE.
REPRODUCIBILITY :
This bug can be reproduced always.
CUSTOMER SUBMITTED WORKAROUND :
The only workaround we have is to disable httpOnly cookies where we control the website. In many cases this is not possible however.
java version "1.7.0_07"
ADDITIONAL OS VERSION INFORMATION :
Microsoft Windows [Version 6.1.7601]
A DESCRIPTION OF THE PROBLEM :
We are using JavaFX's webview in our Swing application to provide rich, cross-platform browsing capabilities. Some of the URL's we need to display require the user to be authenticated. Typically, this will involve using 'HttpOnly' cookies. We have found that Java 7u7 is unable to read these cookies when running in Firefox or Chrome, usually resulting in the user being redirected to the relevant login url. IE8+ appears to behave correctly, as suggested by delivered BugIDs 7077220 and 2217749. These bugs mention that FF/Chrome remain unresolved and tags a new bugID 7116429 to resolve, however this bug cannot be found in the (public) Bug database, and based on our observations, remains unresolved.
STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
Setup a simple java application using JavaFX and WebView. Navigate to a page expecting a httpOnly cookie. Observe (using Fiddler or some other sniffer) that the cookies are not being made available to Java in FF/Chrome. Run the applet in IE. Observe that the cookies is made available as expected.
EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
httpOnly behaviour should be the same across browsers.
ACTUAL -
Firefox/Chrome behave differently to IE.
REPRODUCIBILITY :
This bug can be reproduced always.
CUSTOMER SUBMITTED WORKAROUND :
The only workaround we have is to disable httpOnly cookies where we control the website. In many cases this is not possible however.
- duplicates
-
JDK-8038997 Browsers failed to pass HttpOnly cookie to JRE
- Closed
-
JDK-7116429 Retrieve HttpOnly cookie from Firefox/Mozilla
- Closed
- relates to
-
JDK-7077220 Plugin CookieHandler ignores HttpOnly cookies
- Closed