Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-7196513

Java is unable to read httponly cookies in Firefox/Chrome

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: P4
    • Resolution: Duplicate
    • Affects Version/s: 7
    • Fix Version/s: 7u40
    • Component/s: deploy
    • Labels:

      Description

      FULL PRODUCT VERSION :
      java version "1.7.0_07"

      ADDITIONAL OS VERSION INFORMATION :
      Microsoft Windows [Version 6.1.7601]

      A DESCRIPTION OF THE PROBLEM :
      We are using JavaFX's webview in our Swing application to provide rich, cross-platform browsing capabilities. Some of the URL's we need to display require the user to be authenticated. Typically, this will involve using 'HttpOnly' cookies. We have found that Java 7u7 is unable to read these cookies when running in Firefox or Chrome, usually resulting in the user being redirected to the relevant login url. IE8+ appears to behave correctly, as suggested by delivered BugIDs 7077220 and 2217749. These bugs mention that FF/Chrome remain unresolved and tags a new bugID 7116429 to resolve, however this bug cannot be found in the (public) Bug database, and based on our observations, remains unresolved.

      STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
      Setup a simple java application using JavaFX and WebView. Navigate to a page expecting a httpOnly cookie. Observe (using Fiddler or some other sniffer) that the cookies are not being made available to Java in FF/Chrome. Run the applet in IE. Observe that the cookies is made available as expected.

      EXPECTED VERSUS ACTUAL BEHAVIOR :
      EXPECTED -
      httpOnly behaviour should be the same across browsers.
      ACTUAL -
      Firefox/Chrome behave differently to IE.

      REPRODUCIBILITY :
      This bug can be reproduced always.

      CUSTOMER SUBMITTED WORKAROUND :
      The only workaround we have is to disable httpOnly cookies where we control the website. In many cases this is not possible however.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              ngthomas Thomas Ng (Inactive)
              Reporter:
              webbuggrp Webbug Group
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:
                Imported:
                Indexed: