This has been raised as a security concern blocking the release of my Cordova application on Android 4.4 KitKat.
Using a SQLite browser on a rooted device, the application session id cookie is being written in plain text into a SQLite table named COOKIES.
I've tried using Cache-Control no-cache="Set-Cookie".
I've tried setting the Set-Cookie secure and httpOnly header attributes.
According to many blog entries, Chromium is supposed to encrypt cookies (https://codereview.chromium.org/24734007), and indeed, I've observed an "encrypted_value" column within the COOKIES table.
Unfortunately, none of the above attempts have succeeded in configuring Android WebView to encrypt stored cookies.
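
The check described above can be scripted against a copy of the cookie store pulled from a test device. This is an added example, not part of the original post: it reports, per cookie, whether the plaintext column or the `encrypted_value` column is populated, without printing any cookie value. The column names `host_key`, `name` and `value` are assumed from Chromium's cookie schema, and the sample database is constructed.

```python
import sqlite3

def classify(value, encrypted_value):
    """Classify how one cookie row is stored at rest."""
    if value:                       # plaintext column is populated
        return "plaintext"
    if encrypted_value:             # only the encrypted blob is populated
        return "encrypted"
    return "empty"

def audit_cookie_store(db_path):
    """Return (host, name, storage) for every row of the cookies table."""
    conn = sqlite3.connect(db_path)
    try:
        # Older stores may have no encrypted_value column; detect it first.
        cols = {row[1] for row in conn.execute("PRAGMA table_info(cookies)")}
        enc = "encrypted_value" if "encrypted_value" in cols else "NULL"
        rows = conn.execute(
            f"SELECT host_key, name, value, {enc} FROM cookies "
            "ORDER BY host_key, name"
        ).fetchall()
    finally:
        conn.close()
    # Cookie values are classified but never returned or printed.
    return [(h, n, classify(v, e)) for h, n, v, e in rows]

def build_sample_db(db_path):
    """Constructed sample: a reduced cookies table, not a real device dump."""
    conn = sqlite3.connect(db_path)
    conn.execute("CREATE TABLE cookies (host_key TEXT, name TEXT, "
                 "value TEXT, encrypted_value BLOB)")
    conn.executemany("INSERT INTO cookies VALUES (?, ?, ?, ?)", [
        ("app.example.test", "JSESSIONID", "constructed-session-id", b""),
        ("app.example.test", "prefs", "", b"\x01constructed-ciphertext"),
    ])
    conn.commit()
    conn.close()

if __name__ == "__main__":
    import os, tempfile
    path = os.path.join(tempfile.mkdtemp(), "Cookies")
    build_sample_db(path)
    for host, name, storage in audit_cookie_store(path):
        print(f"{host}\t{name}\t{storage}")
```

Any row reported as `plaintext` for a session cookie reproduces the finding; rerunning the script after a configuration change shows whether the stored form actually changed.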