Relates :
|
java.net.CookieManager, the default CookieHandler, doesn't enforce the httpOnly tag. Cookies that are tagged with "httpOnly" should only be returned when the intended use if transmission over http or https. I.E. when the scheme of the URI passed in get() is http or https.
|