AsyncHttpClient
diff --git a/‎README.md‎
Lines changed: 2 additions & 2 deletions b/‎README.md‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎client/pom.xml‎
Lines changed: 1 addition & 1 deletion b/‎client/pom.xml‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎client/src/main/java/org/asynchttpclient/netty/handler/intercept/Redirect30xInterceptor.java‎
Lines changed: 12 additions & 3 deletions b/‎client/src/main/java/org/asynchttpclient/netty/handler/intercept/Redirect30xInterceptor.java‎
Lines changed: 12 additions & 3 deletions
@@ -53,14 +53,14 @@ Java 11+
 <dependency>
     <groupId>org.asynchttpclient</groupId>
     <artifactId>async-http-client</artifactId>
-    <version>3.0.9</version>
+    <version>3.0.10</version>
 </dependency>
 ```
 
 **Gradle:**
 
 ```groovy
-implementation 'org.asynchttpclient:async-http-client:3.0.9'
+implementation 'org.asynchttpclient:async-http-client:3.0.10'
 ```
 
 <details>
 
@@ -19,7 +19,7 @@
     <parent>
         <groupId>org.asynchttpclient</groupId>
         <artifactId>async-http-client-project</artifactId>
-        <version>3.0.9</version>
+        <version>3.0.10</version>
     </parent>
 
     <modelVersion>4.0.0</modelVersion>
 
@@ -41,6 +41,7 @@
 import static io.netty.handler.codec.http.HttpHeaderNames.AUTHORIZATION;
 import static io.netty.handler.codec.http.HttpHeaderNames.CONTENT_LENGTH;
 import static io.netty.handler.codec.http.HttpHeaderNames.CONTENT_TYPE;
+import static io.netty.handler.codec.http.HttpHeaderNames.COOKIE;
 import static io.netty.handler.codec.http.HttpHeaderNames.HOST;
 import static io.netty.handler.codec.http.HttpHeaderNames.LOCATION;
 import static io.netty.handler.codec.http.HttpHeaderNames.PROXY_AUTHORIZATION;
@@ -113,7 +114,9 @@ public boolean exitAfterHandlingRedirect(Channel channel, NettyResponseFuture<?>
                 boolean schemeDowngrade = request.getUri().isSecured() && !newUri.isSecured();
                 boolean stripAuth = !sameBase || schemeDowngrade || stripAuthorizationOnRedirect;
 
-                if (stripAuth && (request.getRealm() != null || request.getHeaders().contains(AUTHORIZATION))) {
+                if (stripAuth && (request.getRealm() != null
+                        || request.getHeaders().contains(AUTHORIZATION)
+                        || request.getHeaders().contains(COOKIE))) {
                     LOGGER.debug("Stripping credentials on redirect to {}", newUri);
                 }
 
@@ -209,8 +212,14 @@ private static HttpHeaders propagatedHeaders(Request request, Realm realm, boole
             headers.remove(CONTENT_TYPE);
         }
 
-        if (stripAuthorization || (realm != null && (realm.getScheme() == AuthScheme.NTLM
-                || realm.getScheme() == AuthScheme.SCRAM_SHA_256))) {
+        if (stripAuthorization) {
+            // Cookie is dropped only on the security boundary; the URI-scoped CookieStore re-adds
+            // any cookies that legitimately match the new target after this method returns.
+            headers.remove(AUTHORIZATION)
+                    .remove(PROXY_AUTHORIZATION)
+                    .remove(COOKIE);
+        } else if (realm != null && (realm.getScheme() == AuthScheme.NTLM
+                || realm.getScheme() == AuthScheme.SCRAM_SHA_256)) {
             headers.remove(AUTHORIZATION)
                     .remove(PROXY_AUTHORIZATION);
         }