首页 > 编程语言> > java – HttpsURLConnection getHeaderFields没有返回set-cookie

java – HttpsURLConnection getHeaderFields没有返回set-cookie

2019-06-29 03:50:25 作者：互联网

我正在向一个HTTPS URL发送一个get请求,不知怎的,我正在为“Set-Cookie”获取空值.迭代时我可以看到header-key有“set-cookie”但header-value为null.

这是我的代码：

URL obj = new URL(url);
HttpsURLConnection conn = (HttpsURLConnection) obj.openConnection();
HttpsURLConnection.setFollowRedirects(false);


conn.setRequestProperty("User-Agent", USER_AGENT);
conn.setRequestProperty("Accept",
            "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8");
conn.setRequestProperty("Accept-Language", "en-US,en;q=0.5");
conn.setRequestProperty("Connection", "keep-alive");
conn.setRequestProperty("Accept-Encoding", "gzip, deflate");
conn.connect();

Map em = conn.getHeaderFields();
System.out.println("header Values......" + em.toString());

String headerName = null;   

for (int i = 1; (headerName = conn.getHeaderFieldKey(i)) != null; i++) 
{
     System.out.println("Header Nme : " + headerName);
     System.out.println(conn.getHeaderField(i));

}

输出：

header Values......{null=[HTTP/1.1 200 OK], x-wily-info=[Clear guid=0BE0EC9D0A7E67816C471FA946FD2EBB], Date=[Sat, 29 Mar 2014 03:27:41 GMT], Content-Length=[8106], x-wily-servlet=[*******************], X-FRAME-OPTIONS=[SAMEORIGIN], Connection=[close], Content-Type=[text/html;charset=UTF-8]}

Header Nme : Date
Sat, 29 Mar 2014 03:27:41 GMT
Header Nme : X-FRAME-OPTIONS
SAMEORIGIN
Header Nme : x-wily-info
Clear guid=0BE0EC9D0A7E67816C471FA946FD2EBB
Header Nme : x-wily-servlet
*****************************
Header Nme : Content-Type
text/html;charset=UTF-8
Header Nme : Content-Length
8106
**Header Nme : Set-Cookie
null
Header Nme : Set-Cookie
null**
Header Nme : Connection
close
Response Code : 200

从浏览器我可以看到：

Connection  close
Content-Length  8106
Content-Type    text/html;charset=UTF-8
Date            Sat, 29 Mar 2014 02:20:31 GMT
Set-Cookie  JSESSIONID=*********************; Path=/****; Secure; **HttpOnly** 
Set-Cookie      loginToken=*************;Path=/****/login/LoginProcess.do; **HttpOnly**;                                                                                                           Secure
X-FRAME-OPTIONS SAMEORIGIN
x-wily-info Clear guid=0BA36F4A0A7E67816C471FA938E304CA
x-wily-servlet  *****************************************

我在许多HTTPS网址上尝试过相同的操作,所有这些网址都运行正常,这只是创建问题;我注意到的主要区别是这个服务器实际上是以’HttpOnly’的形式发送cookie.它引起了问题吗？

解决方法:

由于XSS问题,这似乎是一个功能.

https://bugs.openjdk.java.net/browse/JDK-6890023

标签：java,cookies,httpsurlconnection
来源： https://codeday.me/bug/20190629/1322393.html