I have an app need login, I use a singleton http client to do everything, so it can track the cookies for me.
But when I launch a browser intent in my app to view some html pages, the app sometimes be killed by low memory, when user come back from the browser, my app activity would be recreated, but the new http client would not contains that login session id.
So I think what I need is to cache the cookies when my app get killed, and then restore it back when the app got recreated. I know there is a CookieSyncManager, but I do not have a full picture of how to use that.
(1) So How can I do that? is Cookie seralizable, I just thought to cache it in the sdcard, maybe a bad idea.
Another more general question maybe:
(2) How to share httpclient with webview/system browser? Not just pass cookies from httpclient to webiew/browser, but also get the cookies when initialize the cookies, How to make the http client and webview/browser share just ONE copy of cookie store in any time?
Use SharedPreferences to store cookies as string.
Take a look at this; http://developer.android.com/reference/android/app/Activity.html#SavingPersistentState
Also android developers use parcelable class, rather than serializable class. I think the reason is performance issues # mobile devices...
Related
I'm sorry in advance if this question is not good enough to be asked, But i made a lot of search to get the proper approach to store cookies in my android app which makes a lot of web connections.
I found more approaches deals with storing cookies in android app, But i can't determine what is the proper one, Or when i should use one rather than others !!
I'll write some of what i found not all:-
SharedPreferences approach.
CookieManager approach.
HttpCookie approach.
The most two things i consider about cookies storing are security and long-lived age of cookie.
It depends on how you want to use them:
Only SharedPrferences approcach allows persistent cookie storage. For example if you do not want user perform login every time he runs your app.
CookieManager is used internaly by WebView. It keeps cookies in
class InMemoryCookieStore implements CookieStore
so it is not persistent.
HttpCookie is used by HttpClient. It is just cookie representation and it doesn't responsible for their storage.
I have implemented WASLTPAAuthentication (with WASLTPALoginModule and Realm) and it works well.
I can call my JAX-RS and they took the identity by the cookie.
My problem is: after I tap the Home button and open the menu of recent applications to swipe and quit the application, then once I open it again the session is destroyed and the cookie is lost and I need to insert my credentials and login again.
Is there a way to prevent this? Do I need to store the cookie on the localStorage in some way?
It looks like even though your LTPA cookie is still valid, when you close the application and the session dies, the cookies are being cleared. You will need to save the LTPA cookie in local storage and then set the cookie manually if you want it to use it for multiple sessions.
The LTPA cookie is included in the attributes object of the UserIdentity returned after successfully logging into the WASLTPARealm, so you should already have access to it. Its just a matter of saving and retrieving it.
(I'm asking this partly for learning purposes, I realize what I'm trying to do might be entirely wrong!)
I have a php file on my website that handles log in and sets a cookie for the user if log in is successful. if setcookie() fails, I error out instead of displaying the rest of the page.
When I try to access this page using my android app (which uses HttpURLConnection with POST), the setcookie() fails. I'm guessing this is because the client isn't a browser and can't handle cookies.
so first of all, is there away for my app to be able to receive cookies from the server and store them? if not, how do you handle maintaining a login session with the user so you dont have to send a username and password, every time you want to access data from the server?
THanks
A couple of notes before the workaround:
The function is called setcookie() not set_cookie()
Android browsers do support cookies afaik, so you probably should look into this further. Perhaps the format of your setcookie call is not valid?
If you can't use cookies, then the workaround is to simulate your own session mechanism by passing your cookie value as a url parameter on every request.
I am working on a web application for android phones, which is basically few js and html files packaged using Phonegap for android. I am making http requests to the server, getting some cookies (whose life is 10 yrs). These cookies are set by the response header. Now this works fine for this session, the set cookies are sent with each request. But if a quit the app and restart it, the cookies vanish, and are not sent with the request.
The life of the cookies is 10 yrs. Shouldnt they persist? Please tell me where i am getting it wrong?
EDIT-- I tried saving the cookie in an sqlite db, and then setting it properly in document.cookie before making the ajax call. Still its not being sent. Any ideas...?
Cookies wont persist after the app is closed. Also you cannot directly set the cookies in an xhr object using javascript, according to w3c specifications, so thats why i wasnt able to do that. the solution would be to re-perform the actions which set the cookies in the cookie jar in the first place.
I want to make a login application in Android.
Requirement of the project is to store user name and password for two days using cookie.
Is it possible to use cookies? If yes, then how? Can you give me the code?
Note: I can't use web view.
As a commenter already said, you aren't supposed to store password (even in encrypted form) in a cookie. What you can store is a session id. When user logs in the application, the application generates a session id for him/her, which will stay valid for two days. In every request that you make to the application, you add the session id as an HTTP header.
You can store the session id and the datetime it was issued in the preferences. When the user needs to make a new request to the application and the session hasn't expired, you can read the stored value.
If you are not looking to integrate this into the browser, then have a go at this.
If you look at the HTTP protocol, you can see that cookies are sent by the client in plain text in the request. This means you should have your application deliver them every time your request a page. This is not valid for local-only cookies, but I don't think that you're interested in these. If you want to set cookies from the server side, you will have to adapt your application to parse the response and look for cookies. (also HTTP protocol)
For a better view of the raw data you need to send or receive, you can monitor your traffic using Wireshark or a similar tool and see how the request/response look like.
I am currently working on a web-service that I need to implement on iPhone and this is my first idea of doing it. I haven't got to implement this yet (my web service is still not done) so there's not much more I can tell you at the moment.
Edit:
A useful page about this might be the Wikipedia HTTP Cookie page located here.
As Reno said, try to avoid storing the password in the cookie. Instead you should let the server generate a sessionID when logged in and let this ID expire on the Server after two days. SO you can login with the username and the sessionID you generated with logging in once.
I you want, you can store that sessionID in the cookie.