@Override public CookieSpec create(final HttpContext context) { // SecurityLevel.SECURITYLEVEL_IE_MEDIUM disables path validation AbstractCookieSpec cookieSpec = new BrowserCompatSpec(null, SecurityLevel.SECURITYLEVEL_IE_MEDIUM); cookieSpec.registerAttribHandler(CookieUtil.HTTP_ONLY_ATTR, new HttpOnlyHandler()); return cookieSpec; }