Can't get sessionid and csrftoken when reading cookie from Webview
Reported by
i.v.cheb...@gmail.com,
Feb 24 2017
|
||||
Issue description
Steps to reproduce the problem:
1. I read the cookie using androidCookieManager.getCookie("www.link.com")
2. I get: mid=xxxx; _dismiss=true; s_network=""; ig_vw=xx; ig_pr=xx; ds_user_id=xxx cookies.
3. But I can't get all the information about the cookies (don't get - sessionid and csrftoken)? When I use chrome-devtools/remote-debugging, I see all the cookies.Why?
What is the expected behavior?
What went wrong?
Can't get sessionid and csrftoken when reading cookie
Did this work before? N/A
Does this work in other browsers? N/A
Chrome version: <Copy from: 'about:version'> Channel: n/a
OS Version: 6
Flash Version: Shockwave Flash 24.0 r0
Is it possible to correctly receive all cookies from Webview and use them to HttpURLConnection?
,
Feb 24 2017
can you make a test app with steps to reproduce this issue? zipped source + apk I can't think of anything other than timing.
,
Feb 25 2017
I describe the steps more carefully:
1) I start Webview using WebView.loadUrl method.
2) I open the Webview window with a site.
3) I log in manually.
4) Then I add a comment (or something else) manually, I see my comment.
5) I have the button in my app (below Webview) which send a comment using HttpURLConnection. I click the button and nothing happens in Webview window.
After that, I study two request headers and see the difference. Sessionid and csrftoken in the second request is absent (when click the button). Everything was done in one Webview window without closing, restart etc.
But if I use WebView.postUrl method when click the button I see Sessionid and csrftoken, they are correct. But the problem with X-Requested-With, I need to change it but it's impossible in WebView.postUrl method.
,
Feb 27 2017
You didn't really answer the most basic question, what website are you loading? Like I said, it's much easier if you provide both the source and apk of app that demonstrate the problem.
,
Mar 11 2017
Website is instagram.com.
,
Mar 11 2017
Thank you for providing more feedback. Adding requester "boliu@chromium.org" to the cc list and removing "Needs-Feedback" label. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Mar 13 2017
HTTPUrlConnection knows nothing about the WebView cookie store. It looks like you might be able to use android.webkit.CookieManager.getInstance().getCookie(url) to fetch the cookies you need to pass in the request.
,
Mar 13 2017
Yes, I know this and I use android.webkit.CookieManager.getInstance().getCookie(url) that is why I have some part of cookies(mid=xxxx; _dismiss=true; s_network=""; ig_vw=xx; ig_pr=xx; ds_user_id=xxx), but I can't understand why I doesn't see Sessionid and csrftoken?
,
Mar 13 2017
Can I modify WebView.postUrl request using customer header? Maybe this method will work without any problem?
,
Mar 13 2017
I see in Chrome developer tools that sessionid and csrftoken mark like "Secure", maybe this is the problem? What does it mean Secure? I can't use them?
,
Mar 13 2017
Secure cookies won't be transmitted over cleartext (non-https) connections.
,
Mar 13 2017
Many thanks, I understood and immediately found a solution!
,
Mar 13 2017
|
||||
►
Sign in to add a comment |
||||
Comment 1 by rsgav...@chromium.org
, Feb 24 2017