Join the social network of Tech Nerds, increase skill rank, get work, manage projects...
 
  • How to configure Android WebView to encrypt cookies?

    • 0
    • 0
    • 0
    • 0
    • 0
    • 0
    • 0
    • 674
    Answer it

    This has been raised as a security concern blocking the release of my Cordova application on Android 4.4 KitKat

    Using a SQLIte browser on a rooted device, the application session id cookie is being written in plain text into a SQLite table named COOKIES.

    I've tried using Cache-Control no-cache=\"Set-Cookie\".

    I've tried setting the Set-Cookie secure and httpOnly header attributes.

    According to many blog entries, Chromium is suppose to encrypt cookies https://codereview.chromium.org/24734007 and indeed, I've observed an "encrypted_value" column within the COOKIES table.

    Unfortunately, none of the above attempts have succeeded in configuring Android WebView to encrypt stored cookies.

 0 Answer(s)

Sign In
                           OR                           
                           OR                           
Register

Sign up using

                           OR                           
Forgot Password
Fill out the form below and instructions to reset your password will be emailed to you:
Reset Password
Fill out the form below and reset your password: