Duplicate :
|
|
Relates :
|
|
Relates :
|
|
Relates :
|
In the applet mode, the CookieHandler.getDefault().put() call appears to ignore HttpOnly cookies. For example, if the applet calls CookieHandler.getDefault().put() with two cookies, one with HttpOnly attribute and one without the HttpOnly attribute and then immediately calls CookieHandler.getDefault().get() for the same URI, only the cookie without the HttpOnly attribute is returned. See the attached example. This happens in both IE8 and Firefox 3.6.18. This issue causes problems with the https://www.google.com/accounts/ServiceLogin service, which makes use of HttpOnly cookies. Specifically, this issue appears to be the root cause for http://javafx-jira.kenai.com/browse/RT-15676 Example applet code: public class CookieTest extends JApplet { private JTextArea textArea; @Override public void init() { try { SwingUtilities.invokeAndWait(new Runnable() { @Override public void run() { setLayout(new BorderLayout()); JButton button = new JButton("Test"); button.addActionListener(new ActionListener() { @Override public void actionPerformed(ActionEvent e) { test(); } }); add(button, BorderLayout.NORTH); textArea = new JTextArea(); add(textArea, BorderLayout.CENTER); } }); } catch (Exception e) { System.err.println("createGUI didn't complete successfully"); } } private void test() { try { CookieHandler handler = CookieHandler.getDefault(); URI uri = new URI("https://www.google.com/accounts/ServiceLogin"); Map<String, List<String>> headers = new HashMap<String, List<String>>(); headers.put("Set-Cookie", Arrays.asList( "FOO=BAR;HttpOnly","ABC=XYZ")); handler.put(uri, headers); textArea.append("put: " + headers + "\n"); headers = handler.get(uri, new HashMap<String, List<String>>()); textArea.append("got: " + headers + "\n"); } catch (Exception ex) { textArea.setText("Error, consult Java console for more info"); ex.printStackTrace(System.err); } } } Expected output (in the text box next to the "Test" button): put: {Set-Cookie=[FOO=BAR;HttpOnly, ABC=XYZ]} got: {Cookie=[FOO=BAR, ABC=XYZ]} Actual output: put: {Set-Cookie=[FOO=BAR;HttpOnly, ABC=XYZ]} got: {Cookie=[ABC=XYZ]}
|