Fixed a few obscure bugs with cookies in http_request.

src/main/java/com/laytonsmith/PureUtilities/Web/Cookie.java

@@ -77,14 +77,15 @@ public Cookie(String unparsedValue, URL currentURL) {
 	}
 
 	/**
-	 * Creates a cookie with only the required parameters set.
+	 * Creates a cookie with only the required parameters set. That is, it creates
+	 * a session cookie with httpOnly and secure set to false.
 	 * @param domain The domain under which this cookie applies
 	 * @param name The name of this cookie
 	 * @param value The value of this cookie
 	 * @param path The path under which this cookie applies in the domain
 	 */
 	public Cookie(String name, String value, String domain, String path){
-		this(name, value, domain, path, 0, null);
+		this(name, value, domain, path, 0, false, false);
 	}
 
 	/**
@@ -94,27 +95,20 @@ public Cookie(String name, String value, String domain, String path){
 	 * @param value The value of this cookie
 	 * @param path The path under which this cookie applies in the domain
 	 * @param expiration Sets the expiration date of the cookie. 0 indicates a session cookie.
-	 * @param httpOnly Sets whether or not this cookie should be usable in http or https. Null
-	 * means either. true means http only, and false means https only.
+	 * @param httpOnly Sets whether or not this cookie is httpOnly. Generally, this is an unused field
+	 * @param secureOnly Sets whether or not this cookie should only be send via https.
 	 */
-	public Cookie(String name, String value, String domain, String path, long expiration, Boolean httpOnly) {
+	public Cookie(String name, String value, String domain, String path, long expiration, boolean httpOnly, boolean secureOnly) {
 		this.name = name;
 		this.value = value;
 		this.domain = domain;
 		this.path = path;
 		this.expiration = expiration;
-		if (httpOnly == null) {
-			this.httpOnly = false;
-			this.secureOnly = false;
-		} else if (httpOnly) {
-			this.httpOnly = true;
-			this.secureOnly = false;
-		} else {
-			this.httpOnly = false;
-			this.secureOnly = true;
-		}
+		this.httpOnly = httpOnly;
+		this.secureOnly = secureOnly;
 	}
 
+	@Override
 	public int compareTo(Cookie o) {
 		return (this.domain + this.name + this.path).compareTo(o.domain + o.name + o.path);
 	}

src/main/java/com/laytonsmith/PureUtilities/Web/CookieJar.java

@@ -73,10 +73,6 @@ public String getCookies(URL url) {
 				i--;
 				continue;
 			}
-			//If it's http only, and we aren't in http, continue.
-			if (cookie.isHttpOnly() && !url.getProtocol().equals("http")) {
-				continue;
-			}
 			//Or it's secure only, and we aren't in https, continue.
 			if (cookie.isSecureOnly() && !url.getProtocol().equals("https")) {
 				continue;
@@ -90,7 +86,7 @@ public String getCookies(URL url) {
 				continue;
 			}
 			//Or if we aren't in the right path
-			String path = "/" + url.getPath();
+			String path = (url.getPath().startsWith("/")?"":"/") + url.getPath();
 			if (!path.startsWith(cookie.getPath())) {
 				continue;
 			}
@@ -106,7 +102,7 @@ public String getCookies(URL url) {
 				b.append("; ");
 			}
 			try {
-				b.append(URLEncoder.encode(cookie.getName(), "UTF-8")).append("=").append(URLEncoder.encode(cookie.getValue(), "UTF-8"));
+				b.append(URLEncoder.encode(cookie.getName(), "UTF-8")).append("=").append(cookie.getValue());
 			} catch (UnsupportedEncodingException ex) {
 				Logger.getLogger(WebUtility.class.getName()).log(Level.SEVERE, null, ex);
 			}

src/main/java/com/laytonsmith/core/functions/Web.java

@@ -88,11 +88,8 @@ private static void getCookieJar(CArray arrayJar, CookieJar cookieJar, Target t)
 			c.set("domain", cookie.getDomain());
 			c.set("path", cookie.getPath());
 			c.set("expiration", new CInt(cookie.getExpiration(), t), t);
-			if(!cookie.isHttpOnly() && !cookie.isSecureOnly()){
-				c.set("httpOnly", new CNull(t), t);
-			} else {
-				c.set("httpOnly", new CBoolean(cookie.isHttpOnly(), t), t);
-			}
+			c.set("httpOnly", new CBoolean(cookie.isHttpOnly(), t), t);
+			c.set("secureOnly", new CBoolean(cookie.isSecureOnly(), t), t);
 			if(!update){
 				ret.push(c);
 			}
@@ -108,7 +105,8 @@ private static CookieJar getCookieJar(CArray cookieJar, Target t){
 			String domain;
 			String path;
 			long expiration = 0;
-			Boolean httpOnly = null;
+			boolean httpOnly = false;
+			boolean secureOnly = false;
 			if(cookie.containsKey("name") && cookie.containsKey("value")
 					&& cookie.containsKey("domain") && cookie.containsKey("path")){
 				name = cookie.get("name").val();
@@ -123,13 +121,12 @@ private static CookieJar getCookieJar(CArray cookieJar, Target t){
 				expiration = Static.getInt(cookie.get("expiration"), t);
 			}
 			if(cookie.containsKey("httpOnly")){
-				if(cookie.get("expiration") instanceof CNull){
-					httpOnly = null;
-				} else {
-					httpOnly = Static.getBoolean(cookie.get("expiration"));
-				}
+				httpOnly = Static.getBoolean(cookie.get("httpOnly"));
+			}
+			if(cookie.containsKey("secureOnly")){
+				secureOnly = Static.getBoolean(cookie.get("secureOnly"));
 			}
-			Cookie c = new Cookie(name, value, domain, path, expiration, httpOnly);
+			Cookie c = new Cookie(name, value, domain, path, expiration, httpOnly, secureOnly);
 			ret.addCookie(c);
 		}
 		return ret;

src/main/resources/functionDocs/http_request

@@ -119,14 +119,16 @@ of web requests that can be running concurrently.
 | true
 | Automatically adds the default headers to this request, unless specifically overridden. Note that some headers
 simply cannot be overridden, for instance Host and User-Agent will ALWAYS be set. 
-|- download
+|- 
+| download
 | string
 | null
 | If this is not null, the file will be downloaded instead of returned, and saved to the specified location on
 disk. Note that this is currently only enabled from cmdline mode, but will be added in general at a later date.
 If this setting is set from non-cdmline mode, it is silently ignored.
 |}
-<!-- TODO: This isn't working yet, so just leave it off |-
+<!-- TODO: This isn't working yet, so just leave it off 
+|-
 | proxy
 | array
 | null