cookies icon indicating copy to clipboard operation
cookies copied to clipboard

Published 20 hours ago verified publisher icon react-native-cookies

How I can get http-only and secure cookies on android device

Open cody0203 opened this issue 3 years ago • 25 comments

Hello guys,

I'm current build a RN app with react-native-webview and @react-native-community/cookies. Now, i need to access all cookies in webview. With some help of @react-native-community/cookies on ios devices, i can get all of this but on android i only get non-secure/non-httpOnly cookies.

Android devices is running on API 28.

Here my code:

  1. Implement webview <WebView ref={webViewRef} source={{uri: 'https://example.com'}} javaScriptEnabled={true} sharedCookiesEnabled={true} thirdPartyCookiesEnabled={true} />
  2. Get cookies useEffect(() => { let getCookies = () => CookieManager.getAll(useWebKit).then((cookies) => { console.log('CookieManager.get =>', cookies); }); if (Platform.OS === 'android') { getCookies = () => CookieManager.get('https://linkedin.com').then((cookies) => { console.log('CookieManager.get =>', cookies); }); } getCookies(); }, []);

cody0203 avatar Aug 20 '20 08:08 cody0203

Hello @cody0203 , have you found a solution?

marf avatar Oct 27 '20 12:10 marf

Same issue here

geroale avatar Oct 27 '20 13:10 geroale

Hello @cody0203 , have you found a solution?

Same issue here

Nah, still stuck in there

cody0203 avatar Oct 29 '20 00:10 cody0203

Hi @cody0203, I'm experiencing a problem where CookieManager.get('https://linkedin.com') get all cookies but all are with httpOnly=false (even though some of them are differently true). Is that the same for you?

roeycohen avatar Nov 02 '20 15:11 roeycohen

@roeycohen yes. It get only httpOnly=false on android devices.

cody0203 avatar Nov 03 '20 00:11 cody0203

Hi @cody0203, 10x for answering! Do you know if it means that you can't set httpOnly cookie as well?

Update: setting httpOnly seems to work (at least for android N and above)

roeycohen avatar Nov 03 '20 06:11 roeycohen

Hi @cody0203, 10x for answering! Do you know if it means that you can't set httpOnly cookie as well?

Update: setting httpOnly seems to work (at least for android N and above)

Oh i only need to get it.

cody0203 avatar Nov 03 '20 07:11 cody0203

ios need get httponly cookie

hengkx avatar Nov 10 '20 13:11 hengkx

@hengkx Ios still can get httpOnly cookie, try to use CookieManager.getAll(true).then(...).

cody0203 avatar Nov 11 '20 00:11 cody0203

@hengkx Ios still can get httpOnly cookie, try to use CookieManager.getAll(true).then(...).

Thanks. The simulator can get. the real machine can't get cookies.

hengkx avatar Nov 11 '20 00:11 hengkx

Thanks. The simulator can get. the real machine can't get cookies.

Two months ago when i still development my old app, i remember i still can get it in real device. But for now, i can't confirm that, sorry.

cody0203 avatar Nov 11 '20 00:11 cody0203

Hello, we can confirm that with CookieManager.getAll(true).then(...) we can get all cookies in iOS, the problem is that there is no such function in Android we are not able to the all the cookies (even the httpOnly ones) on Android devices. Hope there is a solution for that which can make Android & iOS behave the same.

marf avatar Nov 11 '20 09:11 marf

@marf I think this issue become from Android native code, in class CookieManager, not from this library.

cody0203 avatar Nov 11 '20 09:11 cody0203

@marf I think this issue become from Android native code, in class CookieManager, not from this library.

@cody0203 do you think that in android there is no library which allows this or simply we have to fork CookieManager to allow this kind of behavior the same as in iOS?

marf avatar Nov 11 '20 09:11 marf

@marf I think this issue become from Android native code, in class CookieManager, not from this library.

@cody0203 do you think that in android there is no library which allows this or simply we have to fork CookieManager to allow this kind of behavior the same as in iOS?

I don't know if any android's library can do it but i have tried to re config CookieManager in android code and nothing happen. In android official docs doesn't mention about this feature too. Sry for my bad English, wish you can understand.

cody0203 avatar Nov 11 '20 10:11 cody0203

@marf I think this issue become from Android native code, in class CookieManager, not from this library.

@cody0203 do you think that in android there is no library which allows this or simply we have to fork CookieManager to allow this kind of behavior the same as in iOS?

I don't know if any android's library can do it but I have tried to re config CookieManager in android code and nothing happens. In android official docs don't mention this feature too. Sry for my bad English, wish you can understand.

I am not an English native speaker too :) The only thing I have found is this answer from StackOverflow:

Get HttpOnly Cookies Android

It suggests using reflection, but it is quite old and a comment said that it does not work, so I am not sure if this may be a solution.

marf avatar Nov 11 '20 10:11 marf

@marf I think this issue become from Android native code, in class CookieManager, not from this library.

@cody0203 do you think that in android there is no library which allows this or simply we have to fork CookieManager to allow this kind of behavior the same as in iOS?

I don't know if any android's library can do it but I have tried to re config CookieManager in android code and nothing happens. In android official docs don't mention this feature too. Sry for my bad English, wish you can understand.

I am not an English native speaker too :) The only thing I have found is this answer from StackOverflow:

Get HttpOnly Cookies Android

It suggests using reflection, but it is quite old and a comment said that it does not work, so I am not sure if this may be a solution.

I tried and it does not work :)

cody0203 avatar Nov 11 '20 10:11 cody0203

@marf I think this issue become from Android native code, in class CookieManager, not from this library.

@cody0203 do you think that in android there is no library which allows this or simply we have to fork CookieManager to allow this kind of behavior the same as in iOS?

I don't know if any android's library can do it but I have tried to re config CookieManager in android code and nothing happens. In android official docs don't mention this feature too. Sry for my bad English, wish you can understand.

I am not an English native speaker too :) The only thing I have found is this answer from StackOverflow: Get HttpOnly Cookies Android It suggests using reflection, but it is quite old and a comment said that it does not work, so I am not sure if this may be a solution.

I tried and it does not work :)

Maybe only works for old android version?

rizkiandrianto avatar Jan 17 '21 09:01 rizkiandrianto

@marf I think this issue become from Android native code, in class CookieManager, not from this library.

@cody0203 do you think that in android there is no library which allows this or simply we have to fork CookieManager to allow this kind of behavior the same as in iOS?

I don't know if any android's library can do it but I have tried to re config CookieManager in android code and nothing happens. In android official docs don't mention this feature too. Sry for my bad English, wish you can understand.

I am not an English native speaker too :) The only thing I have found is this answer from StackOverflow: Get HttpOnly Cookies Android It suggests using reflection, but it is quite old and a comment said that it does not work, so I am not sure if this may be a solution.

I tried and it does not work :)

Maybe only works for old android version?

Not sure but if that true, it's useless :)

cody0203 avatar Jan 18 '21 01:01 cody0203

Has anyone found a solution?

shmkane avatar Nov 10 '22 00:11 shmkane

I've also been stuck on this issue recently. and how to get http-only cookie from response headers

liaoliao666 avatar Jan 02 '23 19:01 liaoliao666

just connect to the webview cookie with sqlite database and read all the data from DB

guofeng007 avatar Mar 23 '23 09:03 guofeng007

just connect to the webview cookie with sqlite database and read all the data from DB

what does that mean???

IshanArya avatar Nov 05 '23 02:11 IshanArya

clients shouldnt be able to head http-only cookies--that's quite literally the entire purpose of http-only cookies--preventing client side access.

cdaringe avatar Dec 12 '23 23:12 cdaringe