Android 未共享会话cookie
经过无数个小时,我终于弄清楚了如何在我的 HttpClient 和 WebView 之间共享 cookie。我现在的问题是,由于某种原因,我的会话 cookie 没有被共享。

我在 Android 文档中找到了如下说明:

public void setCookie(String url, String value)
自:API 级别 1
为给定 url 设置 cookie。具有相同主机/路径/名称的旧 cookie 将被删除。如果新 cookie 尚未过期,或者没有设置过期时间(这意味着它是会话 cookie),则会添加该 cookie。

问题是,如果我共享的是一个设置了过期时间的 cookie,它可以正常工作。有人知道为什么我的会话 cookie 没有被共享吗?或者,如果确实是因为 setCookie 做不到这一点,那么我该如何用其他方式来实现?

标签:android, cookies, webview, session-cookies

这是我的代码:
package mds.test;
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.util.ArrayList;
import java.util.List;
import org.apache.http.HttpResponse;
import org.apache.http.NameValuePair;
import org.apache.http.client.ClientProtocolException;
import org.apache.http.client.entity.UrlEncodedFormEntity;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.cookie.Cookie;
import org.apache.http.impl.client.DefaultHttpClient;
import org.apache.http.message.BasicNameValuePair;
import android.app.Activity;
import android.content.Context;
import android.os.Bundle;
import android.telephony.TelephonyManager;
import android.util.Log;
import android.webkit.CookieManager;
import android.webkit.CookieSyncManager;
import android.webkit.WebView;
import android.webkit.WebViewClient;
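/**
 * Activity that requests a session from the server with HttpClient, copies the
 * resulting cookie into the WebView cookie store, and then opens the site in a WebView.
 *
 * <p>Review notes on the hand-off:
 * <ul>
 *   <li>The cookie carries the session, so its value must never be written to logcat.</li>
 *   <li>The cookie attributes the server chose (path, secure) are forwarded so the WebView
 *       does not use the cookie more broadly than the HTTP client would.</li>
 *   <li>{@link #postData()} performs blocking network I/O and is still called from
 *       {@code onCreate}; it should be moved to a background thread.</li>
 * </ul>
 */
public class Home extends Activity {
    public static final String LOG_TAG = "Droidnova";

    /**
     * Number of leading characters of the server response that are skipped when the
     * start URL is built. The original code hard-coded 5; what those characters contain
     * is not visible here -- TODO confirm against the server response format.
     */
    private static final int SID_PREFIX_LENGTH = 5;

    /**
     * Keeps every navigation inside this WebView.
     *
     * <p>NOTE(review): every URL is loaded, including links to other hosts, in a WebView
     * that has JavaScript enabled. Consider comparing the URL's host with the expected
     * site and handing anything else to the system browser.
     */
    private static class HelloWebViewClient extends WebViewClient {
        @Override
        public boolean shouldOverrideUrlLoading(WebView view, String url) {
            view.loadUrl(url);
            return true;
        }
    }

    // Identifier sent to the server as "uid".
    private String tmDevice;
    // Raw body of the server response; set by inputStreamToString().
    private String sid;
    // Address loaded into the WebView.
    private String url;
    // Last cookie returned by the server. Kept public and static for existing callers;
    // NOTE(review): it holds a session credential, so a narrower scope would be safer.
    public static Cookie cookie = null;

    /**
     * Requests a session, transfers the session cookie to the WebView cookie store and
     * loads the start page. Finishes the activity when the server response is unusable.
     *
     * @param savedInstanceState state passed through to {@code Activity.onCreate}
     */
    @Override
    public void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        CookieSyncManager.createInstance(this);
        CookieManager cookieManager = CookieManager.getInstance();
        cookieManager.setAcceptCookie(true);

        final TelephonyManager tm =
                (TelephonyManager) getBaseContext().getSystemService(Context.TELEPHONY_SERVICE);
        // NOTE(review): a hardware identifier is not a secret; if the server treats "uid"
        // as proof of identity, anyone who learns the value can request the same session.
        tmDevice = "blabla" + tm.getDeviceId();

        // NOTE(review): blocking network call on the UI thread.
        postData();

        // postData() leaves sid unset when the request fails; the original code then
        // crashed in substring(). Stop cleanly instead.
        if (sid == null || sid.length() < SID_PREFIX_LENGTH) {
            Log.e(LOG_TAG, "no usable session id in server response");
            finish();
            return;
        }
        url = "mywebsite=" + sid.substring(SID_PREFIX_LENGTH);

        // Log only whether a cookie arrived: the value is a session credential and logcat
        // can be read through adb and bug reports.
        Log.d(LOG_TAG, "session cookie received: " + (cookie != null));

        if (cookie != null) {
            // NOTE(review): removeSessionCookie() may complete asynchronously on older
            // platform versions and then discard the session cookie set on the next line;
            // that would match the symptom that only cookies with an expiry survive -- verify.
            cookieManager.removeSessionCookie();
            cookieManager.setCookie(cookie.getDomain(), buildCookieString(cookie));
            CookieSyncManager.getInstance().sync();
        }

        setContentView(R.layout.web);
        WebView myWebView = (WebView) findViewById(R.id.webview);
        myWebView.getSettings().setJavaScriptEnabled(true);
        myWebView.setWebViewClient(new HelloWebViewClient());
        myWebView.loadUrl(url);
    }

    /**
     * Renders an HttpClient cookie as a Set-Cookie style string for
     * {@code CookieManager.setCookie}, keeping the path and secure attributes.
     *
     * @param source cookie received by the HTTP client
     * @return cookie string of the form {@code name=value; domain=...[; path=...][; secure]}
     */
    private static String buildCookieString(Cookie source) {
        StringBuilder out = new StringBuilder();
        out.append(source.getName()).append("=").append(source.getValue());
        out.append("; domain=").append(source.getDomain());
        if (source.getPath() != null) {
            out.append("; path=").append(source.getPath());
        }
        if (source.isSecure()) {
            // Without this the WebView could send the session cookie over plain HTTP.
            out.append("; secure");
        }
        return out.toString();
    }

    /**
     * Posts the device identifier to the server, stores the response body in {@code sid}
     * and remembers the last cookie of the client's cookie store in {@link #cookie}.
     * Failures are logged; {@code sid} and {@code cookie} then keep their previous values.
     */
    public void postData() {
        DefaultHttpClient httpclient = new DefaultHttpClient();
        HttpPost httppost = new HttpPost("my website");
        try {
            List<NameValuePair> nameValuePairs = new ArrayList<NameValuePair>(1);
            nameValuePairs.add(new BasicNameValuePair("uid", tmDevice));
            httppost.setEntity(new UrlEncodedFormEntity(nameValuePairs));

            HttpResponse response = httpclient.execute(httppost);
            if (response.getEntity() != null) {
                inputStreamToString(response.getEntity().getContent());
            }

            List<Cookie> cookies = httpclient.getCookieStore().getCookies();
            if (!cookies.isEmpty()) {
                // Same result as the original loop: the last cookie wins.
                // NOTE(review): if the server sets several cookies, only one reaches the
                // WebView; selecting the session cookie by name would be more robust.
                cookie = cookies.get(cookies.size() - 1);
            }
        } catch (ClientProtocolException e) {
            // The request is not logged in detail because it contains the device identifier.
            Log.e(LOG_TAG, "session request failed (protocol error)", e);
        } catch (IOException e) {
            Log.e(LOG_TAG, "session request failed (I/O error)", e);
        }
    }

    /**
     * Reads the whole stream as text, without line terminators, and stores it in
     * {@code sid}. The stream is closed afterwards.
     *
     * @param is response body stream
     */
    private void inputStreamToString(InputStream is) {
        StringBuilder total = new StringBuilder();
        BufferedReader rd = null;
        try {
            rd = new BufferedReader(new InputStreamReader(is, "UTF-8"));
            String line;
            while ((line = rd.readLine()) != null) {
                total.append(line);
            }
        } catch (IOException e) {
            Log.e(LOG_TAG, "could not read server response", e);
        } finally {
            try {
                if (rd != null) {
                    rd.close();
                } else {
                    is.close();
                }
            } catch (IOException ignored) {
                // Nothing useful can be done if closing fails.
            }
        }
        sid = total.toString();
    }
}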
包mds.test;
导入java.io.BufferedReader;
导入java.io.IOException;
导入java.io.InputStream;
导入java.io.InputStreamReader;
导入java.util.ArrayList;
导入java.util.List;
导入org.apache.http.HttpResponse;
导入org.apache.http.NameValuePair;
导入org.apache.http.client.ClientProtocolException;
导入org.apache.http.client.entity.UrlEncodedFormEntity;
导入org.apache.http.client.methods.HttpPost;
导入org.apache.http.cookie.cookie;
导入org.apache.http.impl.client.DefaultHttpClient;
导入org.apache.http.message.BasicNameValuePair;
导入android.app.Activity;
导入android.content.Context;
导入android.os.Bundle;
导入android.telephony.TelephonyManager;
导入android.util.Log;
导入android.webkit.CookieManager;
导入android.webkit.CookieSyncManager;
导入android.webkit.WebView;
导入android.webkit.WebViewClient;
公营家庭推广活动{
公共静态最终字符串LOG_TAG=“Droidnova”;
私有类HelloWebViewClient扩展了WebViewClient{
@凌驾
公共布尔值shouldOverrideUrlLoading(WebView视图,字符串url){
view.loadUrl(url);
返回true;
}
}
专用字符串TMD设备;
私有字符串sid;
私有字符串url;
公共静态Cookie=null;
创建时的公共void(Bundle savedInstanceState){
super.onCreate(savedInstanceState);
CookieSyncManager.createInstance(此);
CookieManager CookieManager=CookieManager.getInstance();
cookieManager.setAcceptCookie(true);
final TelephonyManager tm=(TelephonyManager)getBaseContext().getSystemService(Context.TELEPHONY_SERVICE);
tmDevice=“blabla”+tm.getDeviceId();
postData();
url=“mywebsite=”+sid.substring(5);
Log.d(Log_标签,“cookie值:”+cookie);
if(cookie!=null){
cookieManager.removeSessionCookie();
字符串cookieString=cookie.getName()+“=”+cookie.getValue()+”;domain=“+cookie.getDomain();
setCookie(cookie.getDomain(),cookieString);
CookieSyncManager.getInstance().sync();
}
setContentView(R.layout.web);
WebView myWebView=(WebView)findviewbyd(R.id.WebView);
myWebView.getSettings().setJavaScriptEnabled(true);
setWebViewClient(新的HelloWebViewClient());
加载url(url);
}
public void postData(){
//创建一个新的HttpClient和Post头
DefaultHttpClient httpclient=新的DefaultHttpClient();
HttpPost HttpPost=新的HttpPost(“我的网站”);
试一试{
//添加您的数据
List nameValuePairs=新的ArrayList(1);
添加(新的BasicNameValuePair(“uid”,tmDevice));
setEntity(新的UrlEncodedFormEntity(nameValuePairs));
//执行HTTP Post请求
HttpResponse response=httpclient.execute(httppost);
inputStreamToString(response.getEntity().getContent());
列表cookies=httpclient.getCookieStore().getCookies();
如果(!cookies.isEmpty()){
对于(int i=0;i
注意,这不是真正的解决方案,而是一种变通方法,前提是您可以修改目标页面的代码。
您可以不把 cookie 传给 WebView,而是把 cookie 的值作为 POST 数据传递:
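// Workaround: pass the session identifier to the page as form data instead of a WebView cookie.
// The server must validate this value against the session it issued; unlike a cookie,
// a POST field can be supplied by any page that submits a form to the site.
// Name and value are percent-encoded so that '&', '=' or '+' inside them cannot alter the form body.
String postData = android.net.Uri.encode(cookie.getName()) + "=" + android.net.Uri.encode(cookie.getValue());
WebView myWebView = (WebView) findViewById(R.id.webview);
myWebView.getSettings().setJavaScriptEnabled(true);
myWebView.setWebViewClient(new HelloWebViewClient());
// "BASE64" is not a charset name; postUrl() expects form-urlencoded bytes, so encode the text as UTF-8.
myWebView.postUrl(loadUrl, EncodingUtils.getBytes(postData, "UTF-8"));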
在网站的授权机制中,您必须同时检查 POST 数据和会话。采用这种做法时要小心:攻击者可以在受害者的浏览器中向任何域提交 POST 数据,因此即使对不使用该 Android 应用的人,也可能发生某些类型的 XSRF 攻击(即攻击者诱骗不知情的用户使用攻击者所设置的会话)。cookie 只能为您自己的域设置,因此如果您只使用 cookie,这类攻击就不可能发生。此类攻击并不常见,但最好还是考虑到这种可能性。