4

I'm sending a get request to one HTTPS URL and somehow I'm getting null value for "Set-Cookie". When iterating I can see header-key is having "set-cookie" but header-value is coming as null.

Here is my code:

URL obj = new URL(url);
HttpsURLConnection conn = (HttpsURLConnection) obj.openConnection();
HttpsURLConnection.setFollowRedirects(false);


conn.setRequestProperty("User-Agent", USER_AGENT);
conn.setRequestProperty("Accept",
            "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8");
conn.setRequestProperty("Accept-Language", "en-US,en;q=0.5");
conn.setRequestProperty("Connection", "keep-alive");
conn.setRequestProperty("Accept-Encoding", "gzip, deflate");
conn.connect();

Map em = conn.getHeaderFields();
System.out.println("header Values......" + em.toString());

String headerName = null;   

for (int i = 1; (headerName = conn.getHeaderFieldKey(i)) != null; i++) 
{
     System.out.println("Header Nme : " + headerName);
     System.out.println(conn.getHeaderField(i));

}

Output:

header Values......{null=[HTTP/1.1 200 OK], x-wily-info=[Clear guid=0BE0EC9D0A7E67816C471FA946FD2EBB], Date=[Sat, 29 Mar 2014 03:27:41 GMT], Content-Length=[8106], x-wily-servlet=[*******************], X-FRAME-OPTIONS=[SAMEORIGIN], Connection=[close], Content-Type=[text/html;charset=UTF-8]}

Header Nme : Date
Sat, 29 Mar 2014 03:27:41 GMT
Header Nme : X-FRAME-OPTIONS
SAMEORIGIN
Header Nme : x-wily-info
Clear guid=0BE0EC9D0A7E67816C471FA946FD2EBB
Header Nme : x-wily-servlet
*****************************
Header Nme : Content-Type
text/html;charset=UTF-8
Header Nme : Content-Length
8106
**Header Nme : Set-Cookie
null
Header Nme : Set-Cookie
null**
Header Nme : Connection
close
Response Code : 200

From browser I can see below:

Connection  close
Content-Length  8106
Content-Type    text/html;charset=UTF-8
Date            Sat, 29 Mar 2014 02:20:31 GMT
Set-Cookie  JSESSIONID=*********************; Path=/****; Secure; **HttpOnly** 
Set-Cookie      loginToken=*************;Path=/****/login/LoginProcess.do; **HttpOnly**;                                                                                                           Secure
X-FRAME-OPTIONS SAMEORIGIN
x-wily-info Clear guid=0BA36F4A0A7E67816C471FA938E304CA
x-wily-servlet  *****************************************

I tried same on many HTTPS URLs, all of them working fine, this one is only creating issue; the major difference I noticed is that this server is actually sending cookie as 'HttpOnly'. Is it causing issue?

Chait
  • 1,052
  • 2
  • 18
  • 30
bbajaj
  • 83
  • 2
  • 8

4 Answers4

2

It seems this is a feature, due to XSS issues.

https://bugs.openjdk.java.net/browse/JDK-6890023

Jason Pyeron
  • 2,388
  • 1
  • 22
  • 31
2

May be, There was a redirect on this url, you can try this before getting inputstream:

httpURLConnection.setInstanceFollowRedirects(false);
sunzsh
  • 66
  • 2
0

There was one more bug report which dicated that the problem of “HttpUrlConnection Set-Cookie Header lost with WebStart ” also affects version 7u67, 8, 9 . https://bugs.openjdk.java.net/browse/JDK-8055829

YUIOP QWERT
  • 493
  • 4
  • 6
-1

create your cookie and try setting the property like this. Also before setting see the syntax of how a proper cookie looks from the net

 connection.setRequestProperty("Cookie", myCookie);
vikeng21
  • 543
  • 8
  • 28
  • 1
    I want to get the cookies which server is sending in response header "Set-Cookie" on this initial Get request for login URL, so that i can send it back to server with subsequent post call. – bbajaj Mar 29 '14 at 05:32