diff -r c019b5df1bf5 -r afd948aaf965 jdk/src/share/classes/java/net/CookieManager.java
--- a/jdk/src/share/classes/java/net/CookieManager.java Wed Oct 21 00:12:59 2009 -0700
+++ b/jdk/src/share/classes/java/net/CookieManager.java Wed Oct 21 13:42:39 2009 +0200
@@ -218,6 +218,13 @@
 // 'secure' cookies over unsecure links)
 if (pathMatches(path, cookie.getPath()) &&
 (secureLink || !cookie.getSecure())) {
+ // Enforce httponly attribute
+ if (cookie.isHttpOnly()) {
+ String s = uri.getScheme();
+ if (!"http".equalsIgnoreCase(s) && !"https".equalsIgnoreCase(s)) {
+ continue;
+ }
+ }
 // Let's check the authorize port list if it exists
 String ports = cookie.getPortlist();
 if (ports != null && !ports.isEmpty()) {
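Review bot: The HttpOnly guard added inside the `pathMatches` branch decides on `uri.getScheme()` alone, so it withholds the cookie only when the request URI is not `http` or `https`; any caller that passes an http(s) URI still receives HttpOnly cookies, and whether that is sufficient depends on who else can reach this lookup, which the hunk does not show. The comment should state that limit, for example `// HttpOnly: returned only for http/https request URIs; does not distinguish the HTTP protocol handler from other callers`. The scheme is also the same for every cookie, so it could be computed once before the loop (whose header is outside the hunk) as `boolean httpScheme = "http".equalsIgnoreCase(s) || "https".equalsIgnoreCase(s);` with the guard reduced to `if (cookie.isHttpOnly() && !httpScheme) continue;`. A null scheme is already handled, because the string literal is the receiver of `equalsIgnoreCase`.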