I am learning to store cookies in Android and came across several ways of implementing it. One of them being the use of CookieManager and CookieStore.
As I was going through Android docs, I came across the following statement:
To establish and maintain a potentially long-lived session between
client and server, HttpURLConnection includes an extensible cookie
manager. Enable VM-wide cookie management using CookieHandler and
CookieManager:
CookieManager cookieManager = new CookieManager();
CookieHandler.setDefault(cookieManager);
I don't understand the meaning of VM-wide cookie management. I know that VM means Virtual Machine.
My Interpretations:
One way I interpreted it is, creating a CookieManagerand passing it to setDefault() makes it available throughout the application. Hence, I tried the following to test it.
URL url = new URL("http://something.com");
URI uri=new URI("http://something.com");
urlConnection = (HttpURLConnection) url.openConnection();
cks=urlConnection.getHeaderField("Set-Cookie");
//cks is a String
cookieManager=new CookieManager();
CookieHandler.setDefault(cookieManager);
HttpCookie hc=new HttpCookie("Cookie1",cks);
cookieManager.getCookieStore().add(uri,hc);
cks1=cookieManager.getCookieStore().getCookies().get(0).getValue();
//cks1 is another String
I set cks and cks1 to TextViews and it printed cookie content/value as expected. Based on my interpretation, I tried cookieManager.getCookieStore().getCookies().get(0).getValue(); in another activity but it didn't recognise the object which means it is out of scope and not accessible. Also, created a new CookieManager and tried to get the cookies but it returned null. So, I assume this interpretation of VM-wide being accessible across activities is incorrect.
Second Interpretation was Cookies will be automatically stored when CookieManager is set up. I got it from a solution to another question on SO: Cookie management with Java URLConnection
One of the statements in the solution that suggested so:
When HttpURLConnection receives a cookie from the server the
CookieManager will receive the cookie and store it. Future requests to
the same server will automatically send the previously set cookies.
I removed cookieManager.getCookieStore().add(uri,hc); to test it and discovered that cookies are not stored automatically. So, that interpretation fails too.
ANOTHER DOUBT THAT HAUNTS ME:
Most of the solutions to storing cookies for later use suggests using SharedPreferences. The thing that haunts me is all of them stores cookies in CookieManager initially and later moves it to SharedPreferences. Why not use SharedPreferences directly?
For example:
URL url = new URL("http://something.com");
urlConnection = (HttpURLConnection) url.openConnection();
cks=urlConnection.getHeaderField("Set-Cookie");
SharedPreferences pref = getApplicationContext().getSharedPreferences("MyPref", MODE_PRIVATE);
Editor editor = pref.edit();
editor.putString("cookie_name", cks); // Saving cookie
editor.commit();
So what is the point of using CookieManager and then moving it to SharedPreferences?
More details on Android's cookie management framework can be found in this doc, but in short, you only need to setDefault() once. In subsequent calls you can use CookieHandler.getDefault() and you supply the cookies to the sessions as demonstrated in this answer
Using the default implementations you'll only be able to access cookies from your own application.
In simplest terms an Android VM is the layer that translates your application bytecode into machine code and it is one VM per application - so VM-Wide means Application scoped.
SharedPrefs can be used to persist cookies between sessions, although this should be rarely useful (just my opinion)
Related
I have my app ("myapp") with following example package signature: com.example.mycorp.myapp
I browsed via adb shell the app folder /data/data/com.example.mycorp.myapp/ to find any cookies - in vain.
Since I have WebView objects showing external links (html) and Google Login as an example, there should be some cookies created (at least iOS colleagues have there cookies on the same app for iOS).
So where are can I find any cookies regarding my own app?
Programmatically by means of CookieManager:
Memeber variable
private CookieManager cookieManager = null;
In a onCreate() or another constructor
cookieManager = new CookieManager();
cookieManager.setCookiePolicy(CookiePolicy.ACCEPT_ALL);
CookieHandler.setDefault(cookieManager);
A checkCookies() Method which can be triggered frequently
List<HttpCokie> cookies = cookieManager.getCookieStore().getCookies();
Now, iterate through cookies and print them out.
If you want to get the cookie value you can use this:
CookieManager.getInstance().getCookie("http://the.url.com")
More help will be provided here:
http://developer.android.com/reference/android/webkit/CookieManager.html#getCookie(java.lang.String)
I am working on a android web application and based on if a secure cookie exists I want to do something. Unfortunately when I use the following line of code I only get a list of unsecure cookies.
String cookies = cookieManager.getCookie(siteName)
Does anyone know how I can get a list of all secure cookies for a specific domain?
You can retrieve secure cookies by using a url that starts with "https://".
String cookies = cookieManager.getCookie("https://example.com");
Returns all cookies (including secure only ones). Logic for getting cookies can be read at: https://github.com/adobe/chromium/blob/master/net/cookies/cookie_monster.cc#L1780 .
To resolve the issue I added the following before I created the webView
CookieManager.setAcceptFileSchemeCookies(true);
see CookieManager.setAcceptFileSchemeCookies(boolean accept)
I am using Spring for Android in a project and I need to manage the cookie store/manager. I am able to add cookies to any request by using an implementation of ClientHttpRequestInterceptor, but I would like to remove some of these when sending a request.
To be more specific, the problem I am facing is that, for Froyo, the implementation specific in Spring (with DefaultHttpClient) adds automatically to headers the cookies from CookieStore - that even if I am setting explicitly the headers. But I would like to manage these cookies myself (either remove some of them, or update their values). While for Gingerbread above (Spring implementation is done with HttpURLConnection) the cookies are added only if I am doing it myself - however I am not that sure as I don't see Spring setting any CookieHandler, but the bottom line is that I don't see them when performing a request or I can see them updated. So the issue is more specific to Froyo.
The work-around is to reset the connection factory; something like:
protected void resetCookieStoreForTemplate(RestTemplate template) {
if (Build.VERSION.SDK_INT <= Build.VERSION_CODES.FROYO) {
template.setRequestFactory(new HttpComponentsClientHttpRequestFactory());
}
}
Underneath, that seems to recreate the DefaultHttpClient and will use a new CookieStore. But that seems to me a bit ugly.
To wrap up, my question would be: does Spring for Android provide some method to expose some API for Cookie management? Just the way RestTemplate exposes some abstractions for connectivity, connection factory, message converters and so on, I would be very happy to have some abstraction for cookie management.
I've not used Spring myself but from what I've read about it, it follows the official advice and switches HTTP clients based on API version (which is quite clever, if seriously over-engineered for my liking). When using HTTPUrlConnection, as you mentioned, Spring probably doesn't change the CookieHandler. You should be seeing in-memory cookie handling, so everything should work for requests in the same app run but the cookies would be wiped when you close the app. Can you confirm this is what you're seeing?
If so, all you have to do is create a new CookieManager instance, passing it a custom CookieStore and null for the CookiePolicy to use the default.
It's unfortunate that a persistent store isn't built-in but it's not particularly difficult to write one either.
Edit: See here for a CookieStore that uses SharedPreferences (haven't tested it myself).
The ClientHttpRequestInterceptor class is a good approach when you need to pass common headers for all requests such as setting up content type, authorization etc. As far as I understood you want to pass some cookie values for specific request.
You could also achieve this via HttpEntity and HttpHeaders class.
HttpHeaders requestHeaders = new HttpHeaders();
requestHeaders.add("Cookie", "name=" + value);
HttpEntity requestEntity = new HttpEntity(null, requestHeaders);
ResponseEntity response = restTemplate.exchange(
"http://server/service?...",
HttpMethod.GET,
requestEntity,
Response.class);
Spring rest template does not provide any off the self solution for managing cookies. The class CookieHandler is provided by Apache not part of spring. Rest template is just a basic solution for managing request response with compare to spring core.
i have login to a site through WebView. then i have get cookie which is set by the webview at login time. then i have tried to set the cookie later. please see my code:
CookieSyncManager.createInstance(context);
CookieManager cookieManager = CookieManager.getInstance();
Log.e("checkPost 1", cookie);
cookieManager.setCookie("https://************", cookie);
Log.e("checkPost 2", cookieManager.getCookie("https://*************"));
CookieSyncManager.getInstance().sync();
Log.e("checkPost 3", cookieManager.getCookie("https://*************"));
in checkPost 1 printed cookie shows that it is fine. but in checkPost 2 and after sync() it by CookieSyncManager.getInstance().sync(); statement, the checkPost 3 shows that most of the cookie is vanished. what is the problem ? i need to set the cookie. but i could not find a way spending about 2 days.
Edit:
in android documentation it says that:
public void setCookie (String url, String value)
Sets a cookie for the given URL. Any existing cookie with the same
host, path and name will be replaced with the new cookie. The cookie
being set must not have expired and must not be a session cookie,
otherwise it will be ignored.
is there any way to force CookieManager set session cookie via setCookie() ?
i think the problem is, may be i am trying to set session cookie
i don't know there is any answer or not for my question. but for my purpose i have use another way to solve my problem. it's a long process, but it works. i have given up the idea to save session cookie in CookieManager (which is not possible by the document of Android Developer site). So, what i have done is: i have converted the session cookie in string and save them in memory. for later use i just take the string from memory and convert it back to session cookie.
Edit:
(For negative voters) I have told in my answer that the process is too long, like 4-5 classes. and this project was my first project in android so the codes are too messy. all the class is full of too much code. so it is impossible to post it here. i have told the process i have used. so why negative vote?
i have converted the session in my own way and build the string to session in reverse way.
if there is any way i would post the answer. it take me about 15~20 days to build the classes and algorithms. so why not you do some Google and find a better way, or just simply build your own algorithm and process like mine. i have told the key part here, you just need to find a way to implement it into code. Thanks
I am trying to pull HTML data out of a WebView. I've seen this done a thousand times and I've even gotten it to work myself. However, my new project leads to an interesting situation: I need to login to a site through a WebView and then pull the HTML. Obviously, the Socket method doesn't work, because in order for a webpage to be returned you need the cookie for authentication. I've also tried the JavascriptInterface trick, but that didn't work either. I'm thinking the best way to achieve this is to use HttpGet with CookieManager? Does anyone know how I can get raw HTML code from a WebView with an auth cookie? Thanks!
EDIT: I did some JS injection and didn't see any cookies... so it might not be a cookie issue? But the links that you get redirected to are generic, like mainPage?a=1 and infoPage. You cannot simply copy/paste the links into another browser you have to be logged in to view these links. For those of you who are web experts, you may know an easy solution.
WebView isn't really meant for getting HTML for programmatic use, the idea is that it's just a direct window to a URL for user interaction.
To get what you want, you can use a java.net.HttpURLConnection with a CookieManager, it's worked fine for me on Android and it's suggested in the Android SDK docs:
// in an activity's onCreate:
cookieManager = new CookieManager();
CookieHandler.setDefault(cookieManager);
// later on
void getAPage(URL url) {
HttpURLConnection huc = (HttpURLConnection) url.openConnection();
System.out.println("hello from huc, response code is: " + huc.getResponseCode());
// huc.getInputStream() gives you the content.
}
The CookieManager will persist all cookies through the lifetime of the application without you having to do anything extra. You can make posts with HttpURLConnection too.