Storing HTTP cookies manually in Android

When building cross-platform or non-full-native apps in Android you might want to implement your login/register or other logic screens with native components for several reasons. I’ve found myself a couple of times in this situation, where the core of the app runs via WebView but many other parts (login, toolbars, sidebars, loaders…) are implemented natively. If that’s the case, controlling the flow can be a bit hard if you want to keep the most updated information of the WebView interactions and state. The way web apps handle this is usually with the typical cookies stored in your device/browser, but there’s not much information about how to obtain cookies and insert them manually in your app’s sandbox to be automatically used by your app’s WebViews.

The method I use in my applications is the following. When logging or doing any other call to your domain from your native components, your calls should return an HTTP formatted cookie as you’ll do in PHP for example, using the format of the ‘Set-Cookie’ HTTP response header. An example is:

yourCookieName=ThIsIsARanDomHAsHThATForEXamPLEIdentifiESAnU$er; Path=/login; Expires=Wed, 13 Jan 2021 22:23:01 GMT; Secure; HttpOnly

Then you save it on your application’s CookieManager using the following method:

public static final void setCookie(String url, String cookieName, String cookieContent) {
	CookieManager.getInstance().setCookie(url, cookieName + "=" + cookieContent);
	if (Build.VERSION.SDK_INT >= 21) CookieManager.getInstance().flush();

After some testing I noticed that the flush explicit call is necessary for devices Lollipop and above because the cookie insertion is way more delayed than in older versions and might not be inserted if you close your application after calling it, but there’s not much science there so test it if you have older devices available.

Anyways, if you prefer (or need) to stick to the non-blocking method use the CookieManager setCookie method that accepts a ValueCallback as parameter and implement your onReceiveValue to receive the callback when the operation is finished.

To know if you have a certain cookie for your url, you can use this method:

public static final String getCookie(String url) {
	Log.d("COOKIES", HAS COOKIE?: " + CookieManager.getInstance().hasCookies());
	return CookieManager.getInstance().getCookie(url);

If there’s a cookie for this URL, you will get its content.
Keep in mind that the described mechanisms are useful because when you create and load your WebView, it will automatically have access to these cookies so you don’t have to worry about anything else. For example, if you manually store a session and then you open your webapp in a WebView, the session will be automatically logged. Actually it will depend on the way you implemented the webapp, but it should be like that.

Finally, to delete this cookies you can call the CookieManager removeAll method but this will remove all your cookies which makes this method a bit dangerous. Instead, if you want to remove a single cookie, use the setCookie snippet described above with an empty content string or something that doesn’t make sense to your webapp.

If you have any question, correction or anything to add to this post, please feel free to leave a comment!

Leave a Reply

Your email address will not be published. Required fields are marked *