I'm working with WebView on Android and have a requirement to enable 3rd party cookie for all web domain to write cookie. I have some concerns:
If i enable 3rd party cookie, what is the security issue for the app information and for user?
From Android K and below, 3rd cookie is enabled by default; Android L and above, 3rd party cookie is disable by default; i wonder why they changes this behaviors?
I've searched on internet for recommendation to enable or disable cookie, but there aren't much there. I wonder if there are some recommendations for this?
Thanks.
Enable third party cookie in webview.
webView.setCookiesEnabled(true);
webView.setThirdPartyCookiesEnabled(true);
Set cookie to webview.
CookieManager cookieManager = CookieManager.getInstance();
if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.LOLLIPOP) {
cookieManager.setAcceptThirdPartyCookies(webView, true);
} else {
cookieManager.setAcceptCookie(true);
}
for (String cookie: cookies) { //parse your cookies and set one by one. edit your method here
cookieManager.setCookie(getString(R.string.urlInsta), cookie);
}
If you have query please let me know.
Related
I'm using Java code on an Android app to login and I receive cookies after I successfully login (using Retrofit).
What I want to do is if the login is successful and I go to a different tab which has a WebView that I'm automatically logged in with my browser cookie. On iOS this works perfectly. On Android I think I have to change something in my code so I'm using the following code to set the cookies in my CookieManager:
CookieManager cookieManager = CookieManager.getInstance();
cookieManager.setAcceptCookie(true);
for(String cookie: response.headers().values("Set-Cookie")){
System.out.println("cookie = " + cookie);
cookieManager.setCookie(Constants.baseURL, cookie);
}
This works fine and if I reload the WebView it seems to have all the right cookies, why am I not logged in in the WebView and does this work in iOS? Do I need to add something else?
May be you have forgotten to use CookieSyncManager.createInstance(..)
And call sync on obtained instance
I am working on a android web application and based on if a secure cookie exists I want to do something. Unfortunately when I use the following line of code I only get a list of unsecure cookies.
String cookies = cookieManager.getCookie(siteName)
Does anyone know how I can get a list of all secure cookies for a specific domain?
You can retrieve secure cookies by using a url that starts with "https://".
String cookies = cookieManager.getCookie("https://example.com");
Returns all cookies (including secure only ones). Logic for getting cookies can be read at: https://github.com/adobe/chromium/blob/master/net/cookies/cookie_monster.cc#L1780 .
To resolve the issue I added the following before I created the webView
CookieManager.setAcceptFileSchemeCookies(true);
see CookieManager.setAcceptFileSchemeCookies(boolean accept)
I'm developing apps on iOS and Android where I have a web of shopping and when I buy an item, the web gives me a value on the cookie that I get and then I show the number of items that the client has purchased.
The way to take the cookies is:
CookieManager cookieManager = CookieManager.getInstance();
cookieManager.setAcceptCookie(true);
String cookies = cookieManager.getCookie(url);
so, when I have 20 products and I add one, it turns to 21 (obviously) but when I remove one item, it stays on the same number because the cookies don't get updated.
I'm using the same login with Objective C and it updates well.
Am I missing anything on Android?
Thanks in advance.
I'm writing a Cordova app and I would like to access its HTTP secure cookie from a plugin. I want to encrypt / disable it until the user enters a valid pin.
All help is greatly appreciated. Thank you.
The way I would do it would be to enable/disable the cookies for the entire application:
CookieManager mCookieManager = CookieManager.getInstance();
CookieSyncManager.createInstance(this);
mCookieManager.setAcceptCookie(false); //disables cookies for the WebView until the user enters a correct pin
if(getUsersPin()) { //getUsersPin() gets the pin from the user
mCookieManager.setAcceptCookie(true);
}
I'm failing at the moment in letting my app delete the browser cookies or some specific cookies.
The way I found was to implement the following:
CookieSyncManager.createInstance(this);
CookieManager cookieManager = CookieManager.getInstance();
cookieManager.removeAllCookie();
But nothing is happening. An with the method hasCookie() is get false as return. Is there no way for deleting a cookie from inside my app?
Thanks for your help!
You can use CookieSyncManager to delete cookies from your own WebView widget(s).
You cannot delete cookies from third-party applications that use WebView or other Web rendering engines.