JDK-8014034 : Certain Set-Cookie lines in headers appear as null in recent versions of 1.7.0
  • Type: Bug
  • Component: core-libs
  • Sub-Component: java.net
  • Affected Version: 7u9
  • Priority: P3
  • Status: Resolved
  • Resolution: Duplicate
  • Submitted: 2013-03-20
  • Updated: 2014-11-17
  • Resolved: 2013-05-09
Related Reports
Duplicate :  
Description
FULL PRODUCT VERSION :
JVM: 1.7.0_09

ADDITIONAL OS VERSION INFORMATION :
Microsoft Windows [Version 6.1.7600]

A DESCRIPTION OF THE PROBLEM :
When loading URLs from a particular server (possibly others but there is only one that I have come across with this issue so far) the headers give a null value for the  " Set-Cookie "  lines.

This only occurs in versions of the JRE after 1.7.0, including the very latest 1.7.0_09.

The headers from a wireshark trace produce the same, correct result as 1.7.0.

REGRESSION.  Last worked in version 7

STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
Load this URL: http://secure.adnxs.com/seg?add=136880&t=2

Output the raw headers.

Two  " Set-Cookie "  lines will have the value  " null " .

EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
The following are the headers from a wireshark trace:

Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref= " http://cdn.adnxs.com/w3c/policy/p3p.xml " , CP= " NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE " 
X-XSS-Protection: 0
Set-Cookie: sess=1; path=/; expires=Sun, 04-Nov-2012 22:23:39 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=460040437773960124; path=/; expires=Fri, 01-Feb-2013 22:23:39 GMT; domain=.adnxs.com; HttpOnly
Location: https://secure.adnxs.com/bounce?%2Fseg%3Fadd%3D136880%26t%3D2
Date: Sat, 03 Nov 2012 22:23:39 GMT
Content-Length: 0
Content-Type: text/html; charset=ISO-8859-1



The following is from JRE 1.7.0:

Cache-Control = no-store, no-cache, private
Pragma = no-cache
Expires = Sat, 15 Nov 2008 16:00:00 GMT
P3P = policyref= " http://cdn.adnxs.com/w3c/policy/p3p.xml " , CP= " NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE " 
X-XSS-Protection = 0
Set-Cookie = sess=1; path=/; expires=Sun, 04-Nov-2012 22:28:12 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie = uuid2=2223681920338249155; path=/; expires=Fri, 01-Feb-2013 22:28:12 GMT; domain=.adnxs.com; HttpOnly
Location = https://secure.adnxs.com/bounce?%2Fseg%3Fadd%3D136880%26t%3D2
Date = Sat, 03 Nov 2012 22:28:12 GMT
Content-Length = 0
Content-Type = text/html; charset=ISO-8859-1
ACTUAL -
The following are the headers from 1.7.0_09:

Cache-Control = no-store, no-cache, private
Pragma = no-cache
Expires = Sat, 15 Nov 2008 16:00:00 GMT
P3P = policyref= " http://cdn.adnxs.com/w3c/policy/p3p.xml " , CP= " NOI DSP COR ADM P
SAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE " 
X-XSS-Protection = 0
Set-Cookie = null
Set-Cookie = null
Location = https://secure.adnxs.com/bounce?%2Fseg%3Fadd%3D136880%26t%3D2
Date = Sat, 03 Nov 2012 22:29:19 GMT
Content-Length = 0
Content-Type = text/html; charset=ISO-8859-1

ERROR MESSAGES/STACK TRACES THAT OCCUR :
NullPointerExceptions occur if trying to process the  " Set-Cookie "  lines.

REPRODUCIBILITY :
This bug can be reproduced always.

---------- BEGIN SOURCE ----------
package cookieissueinvestigation;

import java.net.CookieHandler;
import java.net.CookieManager;
import java.net.CookiePolicy;
import java.net.HttpURLConnection;
import java.net.URL;

public class CookieIssueInvestigation
{
    public static void main(String[] args)
    {
        System.out.println( " JVM:  "  + System.getProperty( " java.version " ));
        
        try
        {
            //Instantiate CookieManager; make sure to set CookiePolicy
            CookieManager manager = new CookieManager();
            manager.setCookiePolicy(CookiePolicy.ACCEPT_ALL);
            CookieHandler.setDefault(manager);

            //get content from URLConnection
            URL urlObject = new URL( " http://secure.adnxs.com/seg?add=136880&t=2 " );

            HttpURLConnection connection = (HttpURLConnection) urlObject.openConnection();
            connection.setUseCaches(false);
            connection.setInstanceFollowRedirects(true);
            connection.connect();

            String headerName;

            for (int i = 1; (headerName = connection.getHeaderFieldKey(i)) != null; i++)
            {
                System.out.println(headerName +  "  =  "  + connection.getHeaderField(i));
            }
        }
        catch (Exception e)
        {
            System.out.println( " Exception -  "  +e);
        }
    }
}
---------- END SOURCE ----------
Comments
This is a duplicate of 7095980, and a deliberate change in behavior. The cookies can be accessed through the cookie manager.
09-05-2013