How to get Secure & non-HttpOnly cookies from CookieHandler
Chris Hegarty
chris.hegarty at oracle.com
Fri Jun 14 08:32:34 PDT 2013
Hi Vasiliy,
On 14/06/2013 09:48, Vasiliy Baranov wrote:
> Greetings,
>
> Suppose I need to call java.net.CookieHandler.get(URI uri,
> Map<String,List<String>> requestHeaders) and need to filter out
> 'HttpOnly' cookies from the result. My understanding is in that case I
> should call CookieHandler.get with a URI starting with "javascript://"
> or any other non-HTTP scheme.
Yes, that will certainly work, but I admit it is a little odd.
> Now what if I need to exclude 'HttpOnly' cookies but include 'Secure'
> non-'HttpOnly' cookies? Which scheme should I use in the URI in that
> case? "javascripts"?
'javascripts' will not work. Currently only 'https' is supported for
'Secure' cookie.
-Chris.
> This question is somewhat related to
> http://bugs.sun.com/view_bug.do?bug_id=7077220 ,
> http://bugs.sun.com/view_bug.do?bug_id=7038890 , and
> http://bugs.sun.com/view_bug.do?bug_id=7048628 .
>
> Thank you,
> -- Vasiliy
More information about the net-dev
mailing list