about 5 years ago
This has been raised as a security concern blocking the release of my Cordova application on Android 4.4 KitKat
Using a SQLIte browser on a rooted device, the application session id cookie is being written in plain text into a SQLite table named COOKIES.
I've tried using Cache-Control no-cache=\"Set-Cookie\".
I've tried setting the Set-Cookie secure and httpOnly header attributes.
According to many blog entries, Chromium is suppose to encrypt cookies https://codereview.chromium.org/24734007 and indeed, I've observed an "encrypted_value" column within the COOKIES table.
Unfortunately, none of the above attempts have succeeded in configuring Android WebView to encrypt stored cookies.
Starting with Chrome version 45, NPAPI is no longer supported for Google Chrome. For more information, see Chrome and NPAPI (blog.chromium.org).
Firefox and Microsoft Internet Explorer are recommended browsers for websites using java applets.
Chrome Version Support
Are you sure, you want to delete this comment?
Terms of Service
| © copyright 2020 FindNerd.com. All rights reserved.
Sign up using