Details
-
Bug
-
Status: Resolved
-
P3
-
Resolution: Duplicate
-
7u9
-
None
Description
FULL PRODUCT VERSION :
JVM: 1.7.0_09
ADDITIONAL OS VERSION INFORMATION :
Microsoft Windows [Version 6.1.7600]
A DESCRIPTION OF THE PROBLEM :
When loading URLs from a particular server (possibly others but there is only one that I have come across with this issue so far) the headers give a null value for the " Set-Cookie " lines.
This only occurs in versions of the JRE after 1.7.0, including the very latest 1.7.0_09.
The headers from a wireshark trace produce the same, correct result as 1.7.0.
REGRESSION. Last worked in version 7
STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
Load this URL: http://secure.adnxs.com/seg?add=136880&t=2
Output the raw headers.
Two " Set-Cookie " lines will have the value " null " .
EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
The following are the headers from a wireshark trace:
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref= " http://cdn.adnxs.com/w3c/policy/p3p.xml " , CP= " NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE "
X-XSS-Protection: 0
Set-Cookie: sess=1; path=/; expires=Sun, 04-Nov-2012 22:23:39 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=460040437773960124; path=/; expires=Fri, 01-Feb-2013 22:23:39 GMT; domain=.adnxs.com; HttpOnly
Location: https://secure.adnxs.com/bounce?%2Fseg%3Fadd%3D136880%26t%3D2
Date: Sat, 03 Nov 2012 22:23:39 GMT
Content-Length: 0
Content-Type: text/html; charset=ISO-8859-1
The following is from JRE 1.7.0:
Cache-Control = no-store, no-cache, private
Pragma = no-cache
Expires = Sat, 15 Nov 2008 16:00:00 GMT
P3P = policyref= " http://cdn.adnxs.com/w3c/policy/p3p.xml " , CP= " NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE "
X-XSS-Protection = 0
Set-Cookie = sess=1; path=/; expires=Sun, 04-Nov-2012 22:28:12 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie = uuid2=2223681920338249155; path=/; expires=Fri, 01-Feb-2013 22:28:12 GMT; domain=.adnxs.com; HttpOnly
Location = https://secure.adnxs.com/bounce?%2Fseg%3Fadd%3D136880%26t%3D2
Date = Sat, 03 Nov 2012 22:28:12 GMT
Content-Length = 0
Content-Type = text/html; charset=ISO-8859-1
ACTUAL -
The following are the headers from 1.7.0_09:
Cache-Control = no-store, no-cache, private
Pragma = no-cache
Expires = Sat, 15 Nov 2008 16:00:00 GMT
P3P = policyref= " http://cdn.adnxs.com/w3c/policy/p3p.xml " , CP= " NOI DSP COR ADM P
SAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE "
X-XSS-Protection = 0
Set-Cookie = null
Set-Cookie = null
Location = https://secure.adnxs.com/bounce?%2Fseg%3Fadd%3D136880%26t%3D2
Date = Sat, 03 Nov 2012 22:29:19 GMT
Content-Length = 0
Content-Type = text/html; charset=ISO-8859-1
ERROR MESSAGES/STACK TRACES THAT OCCUR :
NullPointerExceptions occur if trying to process the " Set-Cookie " lines.
REPRODUCIBILITY :
This bug can be reproduced always.
---------- BEGIN SOURCE ----------
package cookieissueinvestigation;
import java.net.CookieHandler;
import java.net.CookieManager;
import java.net.CookiePolicy;
import java.net.HttpURLConnection;
import java.net.URL;
public class CookieIssueInvestigation
{
public static void main(String[] args)
{
System.out.println( " JVM: " + System.getProperty( " java.version " ));
try
{
//Instantiate CookieManager; make sure to set CookiePolicy
CookieManager manager = new CookieManager();
manager.setCookiePolicy(CookiePolicy.ACCEPT_ALL);
CookieHandler.setDefault(manager);
//get content from URLConnection
URL urlObject = new URL( " http://secure.adnxs.com/seg?add=136880&t=2 " );
HttpURLConnection connection = (HttpURLConnection) urlObject.openConnection();
connection.setUseCaches(false);
connection.setInstanceFollowRedirects(true);
connection.connect();
String headerName;
for (int i = 1; (headerName = connection.getHeaderFieldKey(i)) != null; i++)
{
System.out.println(headerName + " = " + connection.getHeaderField(i));
}
}
catch (Exception e)
{
System.out.println( " Exception - " +e);
}
}
}
---------- END SOURCE ----------
JVM: 1.7.0_09
ADDITIONAL OS VERSION INFORMATION :
Microsoft Windows [Version 6.1.7600]
A DESCRIPTION OF THE PROBLEM :
When loading URLs from a particular server (possibly others but there is only one that I have come across with this issue so far) the headers give a null value for the " Set-Cookie " lines.
This only occurs in versions of the JRE after 1.7.0, including the very latest 1.7.0_09.
The headers from a wireshark trace produce the same, correct result as 1.7.0.
REGRESSION. Last worked in version 7
STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
Load this URL: http://secure.adnxs.com/seg?add=136880&t=2
Output the raw headers.
Two " Set-Cookie " lines will have the value " null " .
EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
The following are the headers from a wireshark trace:
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref= " http://cdn.adnxs.com/w3c/policy/p3p.xml " , CP= " NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE "
X-XSS-Protection: 0
Set-Cookie: sess=1; path=/; expires=Sun, 04-Nov-2012 22:23:39 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=460040437773960124; path=/; expires=Fri, 01-Feb-2013 22:23:39 GMT; domain=.adnxs.com; HttpOnly
Location: https://secure.adnxs.com/bounce?%2Fseg%3Fadd%3D136880%26t%3D2
Date: Sat, 03 Nov 2012 22:23:39 GMT
Content-Length: 0
Content-Type: text/html; charset=ISO-8859-1
The following is from JRE 1.7.0:
Cache-Control = no-store, no-cache, private
Pragma = no-cache
Expires = Sat, 15 Nov 2008 16:00:00 GMT
P3P = policyref= " http://cdn.adnxs.com/w3c/policy/p3p.xml " , CP= " NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE "
X-XSS-Protection = 0
Set-Cookie = sess=1; path=/; expires=Sun, 04-Nov-2012 22:28:12 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie = uuid2=2223681920338249155; path=/; expires=Fri, 01-Feb-2013 22:28:12 GMT; domain=.adnxs.com; HttpOnly
Location = https://secure.adnxs.com/bounce?%2Fseg%3Fadd%3D136880%26t%3D2
Date = Sat, 03 Nov 2012 22:28:12 GMT
Content-Length = 0
Content-Type = text/html; charset=ISO-8859-1
ACTUAL -
The following are the headers from 1.7.0_09:
Cache-Control = no-store, no-cache, private
Pragma = no-cache
Expires = Sat, 15 Nov 2008 16:00:00 GMT
P3P = policyref= " http://cdn.adnxs.com/w3c/policy/p3p.xml " , CP= " NOI DSP COR ADM P
SAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE "
X-XSS-Protection = 0
Set-Cookie = null
Set-Cookie = null
Location = https://secure.adnxs.com/bounce?%2Fseg%3Fadd%3D136880%26t%3D2
Date = Sat, 03 Nov 2012 22:29:19 GMT
Content-Length = 0
Content-Type = text/html; charset=ISO-8859-1
ERROR MESSAGES/STACK TRACES THAT OCCUR :
NullPointerExceptions occur if trying to process the " Set-Cookie " lines.
REPRODUCIBILITY :
This bug can be reproduced always.
---------- BEGIN SOURCE ----------
package cookieissueinvestigation;
import java.net.CookieHandler;
import java.net.CookieManager;
import java.net.CookiePolicy;
import java.net.HttpURLConnection;
import java.net.URL;
public class CookieIssueInvestigation
{
public static void main(String[] args)
{
System.out.println( " JVM: " + System.getProperty( " java.version " ));
try
{
//Instantiate CookieManager; make sure to set CookiePolicy
CookieManager manager = new CookieManager();
manager.setCookiePolicy(CookiePolicy.ACCEPT_ALL);
CookieHandler.setDefault(manager);
//get content from URLConnection
URL urlObject = new URL( " http://secure.adnxs.com/seg?add=136880&t=2 " );
HttpURLConnection connection = (HttpURLConnection) urlObject.openConnection();
connection.setUseCaches(false);
connection.setInstanceFollowRedirects(true);
connection.connect();
String headerName;
for (int i = 1; (headerName = connection.getHeaderFieldKey(i)) != null; i++)
{
System.out.println(headerName + " = " + connection.getHeaderField(i));
}
}
catch (Exception e)
{
System.out.println( " Exception - " +e);
}
}
}
---------- END SOURCE ----------
Attachments
Issue Links
- duplicates
-
JDK-7095980 Ensure HttpURLConnection (and supporting APIs) don't expose HttpOnly cookies
-
- Closed
-