Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

How I can get http-only and secure cookies on android device

See original GitHub issue

Hello guys,

I’m current build a RN app with react-native-webview and @react-native-community/cookies. Now, i need to access all cookies in webview. With some help of @react-native-community/cookies on ios devices, i can get all of this but on android i only get non-secure/non-httpOnly cookies.

Android devices is running on API 28.

Here my code:

Implement webview <WebView ref={webViewRef} source={{uri: 'https://example.com'}} javaScriptEnabled={true} sharedCookiesEnabled={true} thirdPartyCookiesEnabled={true} />
Get cookies useEffect(() => { let getCookies = () => CookieManager.getAll(useWebKit).then((cookies) => { console.log('CookieManager.get =>', cookies); }); if (Platform.OS === 'android') { getCookies = () => CookieManager.get('https://linkedin.com').then((cookies) => { console.log('CookieManager.get =>', cookies); }); } getCookies(); }, []);

Issue Analytics

State:
Created 3 years ago
Reactions:9
Comments:20

Top GitHub Comments

2reactions

cody0203commented, Nov 11, 2020

@hengkx Ios still can get httpOnly cookie, try to use CookieManager.getAll(true).then(...).

1reaction

cody0203commented, Nov 11, 2020

@marf I think this issue become from Android native code, in class CookieManager, not from this library.

@cody0203 do you think that in android there is no library which allows this or simply we have to fork CookieManager to allow this kind of behavior the same as in iOS?

I don’t know if any android’s library can do it but I have tried to re config CookieManager in android code and nothing happens. In android official docs don’t mention this feature too. Sry for my bad English, wish you can understand.

I am not an English native speaker too 😃 The only thing I have found is this answer from StackOverflow:

Get HttpOnly Cookies Android

It suggests using reflection, but it is quite old and a comment said that it does not work, so I am not sure if this may be a solution.

I tried and it does not work 😃

Top Results From Across the Web

Access http-only or secure cookies on Android devices React ...

Try: CookieManager.setAccessCookie(true).

HttpCookie - Android Developers

Returns true if this cookie contains the HttpOnly attribute. This means that the cookie should not be accessible to scripting engines, like javascript....

Turn cookies on or off - Android - Google Account Help

On your Android phone or tablet, open the Chrome app Chrome . · At the top right, tap More More and then Settings....

Securing cookies with httponly and secure flags [updated 2020]

Security of cookies is an important subject. HttpOnly and secure flags can be used to make the cookies more secure. When a secure...

Securing Your Cookies: HTTPOnly Flag for Cookie Theft ...

According to OWASP (Open Web Application Security Project ), “The HttpOnly cookie attribute instructs web browsers not to allow scripts ...