JDK-7183292 : HttpURLConnection.getHeaderFields() throws IllegalArgumentException: Illegal cookie name
  • Type: Bug
  • Component: core-libs
  • Sub-Component: java.net
  • Affected Version: 7u4
  • Priority: P2
  • Status: Closed
  • Resolution: Fixed
  • OS: generic
  • CPU: generic
  • Submitted: 2012-07-11
  • Updated: 2013-11-11
  • Resolved: 2012-08-02
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
7u6 b22Fixed 8Fixed
Related Reports
Relates :  
If a program installs the default cookie handler, opens an HttpURLConnection to http://www.google.com, and attempts to call HttpURLConnection.getHeaderFields() on that connection,  HttpURLConnection.getHeaderFields() unexpectedly throws the following exception:

Exception in thread "main" java.lang.IllegalArgumentException: Illegal cookie name
	at java.net.HttpCookie.<init>(HttpCookie.java:158)
	at java.net.HttpCookie.parseInternal(HttpCookie.java:964)
	at java.net.HttpCookie.parse(HttpCookie.java:215)
	at java.net.HttpCookie.access$100(HttpCookie.java:58)
	at java.net.HttpCookie$12.parse(HttpCookie.java:1096)
	at sun.net.www.protocol.http.HttpURLConnection.filterHeaderField(HttpURLConnection.java:2605)
	at sun.net.www.protocol.http.HttpURLConnection.getFilteredHeaderFields(HttpURLConnection.java:2642)
	at sun.net.www.protocol.http.HttpURLConnection.getHeaderFields(HttpURLConnection.java:2686)
	at illegalcookienametest.IllegalCookieNameTest.main(IllegalCookieNameTest.java:17)

To reproduce, compile and run the following program (with -DproxyHost=<proxy> -DproxyPort=<port>, if you are behind a proxy):

public class IllegalCookieNameTest {
    public static void main(String[] args) throws IOException {
        CookieHandler.setDefault(new TestCookieHandler());
        URL url = new URL("http://www.google.com/");
        HttpURLConnection c = (HttpURLConnection) url.openConnection();

class TestCookieHandler extends CookieHandler {
    public Map<String, List<String>> get(URI uri, Map<String, List<String>> requestHeaders) {
        return new HashMap<String, List<String>>();

    public void put(URI uri, Map<String, List<String>> responseHeaders) {

This is a major problem for JavaFX WebView, see http://javafx-jira.kenai.com/browse/RT-23353

EVALUATION http://hg.openjdk.java.net/hsx/hotspot-comp/jdk/rev/7bd32bfc0539

EVALUATION This is happening because of changes associated with 7095980. getHeaderFields now perform additional checks from HttpCookie.java instead of simply parsing and returning all header fields from the response, as was being done in 7u3 and earlier versions. So the problem exists 7u4 onwards. Google is sending the following cookie: "domain=; expires=Mon, 01-Jan-1990 00:00:00 GMT; path=/; domain=.google.com" And the checks in HttpCookie.java is flagging this as Illegal.

SUGGESTED FIX Fix is to remove the isReserved() method from HttpCookie (and the place where it is called).