Sharing cookies from webview with BasicHttpRequest on Android

10
votes

I'm having trouble sending cookies as part of an http get. First I go to a login page within a webview which gives me a cookie. I have checked and the cookie is being stored in the CookieManager. Then I use a BasicHttpRequest to get a particular URL from the same domain. I would expect the cookie that I got from the login to be attached to my headers for the get, but looking at it in Wireshark it's not there. I've googled and read a lot of similar questions and have made sure that:

  • I am using the CookieSyncManager so I'd hope my cookies from the session would persist. I don't think it's a problem with the CookieSyncManager being asynchronous because I keep hitting the URL every 5 seconds and the cookie is never added.
  • I suspect I need to tell my http request about my cookie store, but the solutions I've googled don't compile for me. It looks like I want to do something looking like context.setAttribute(ClientContext.COOKIE_STORE, this.cookieStore), but I can't figure out how to get the default CookieStore from the CookieManager. Some code seems to call cookieManager.getCookieStore() but that doesn't compile for me on Android. Looking at the docs I can't see a way to get the CookieStore which seems mad - am I missing something obvious?

My code to start up the login page in my webview looks like:

 public void onCreate(Bundle savedInstanceState) {
    super.onCreate(savedInstanceState);

    // use cookies to remember a logged in status 
    CookieSyncManager.createInstance(this);
    CookieSyncManager.getInstance().startSync();

    //not sure if I need to do this
    CookieManager cookie_manager = CookieManager.getInstance();
    cookie_manager.setAcceptCookie(true);

    webview = new WebView(this);
    webview.getSettings().setJavaScriptEnabled(true);
    webview.setWebViewClient(new HelloWebViewClient()); // if user clicks on a url we need to steal that click, also steal the back button
    webview.loadUrl("http://"+my_server+"/api/v1/login");
    setContentView(webview);

Then my code to check the cookie is there looks like:

public static boolean CheckAuthorised() {
    CookieSyncManager.getInstance().sync();
    CookieManager cookie_manager = CookieManager.getInstance();

    String cookie_string = cookie_manager.getCookie("http://"+my_server+"/api/v1/login");
    System.out.println("lbp.me cookie_string: " + cookie_string);

    if(cookie_string != null)
    {
        String[] cookies = cookie_string.split(";");
        for (String cookie : cookies)
        {
            if(cookie.matches("API_AUTH=.*"))
            {
                // maybe we need to store the cookie for the root of the domain?
                cookie_manager.setCookie("http://"+my_server, cookie_string);
                // maybe we need to store the cookie for the url we're actually going to access?
                cookie_manager.setCookie("http://"+my_server+"/api/v1/activity", cookie_string);    

                CookieSyncManager.getInstance().sync();
                return true;
            }
        }
    }

    return false;
}

And to actually make the http request I do

public static HttpResponse getMeAWebpage(String host_string, int port, String url)
        throws Exception {
    HttpParams params = new BasicHttpParams();
    HttpProtocolParams.setVersion(params, HttpVersion.HTTP_1_1);
    HttpProtocolParams.setContentCharset(params, "UTF-8");
    HttpProtocolParams.setUserAgent(params, "HttpComponents/1.1");
    HttpProtocolParams.setUseExpectContinue(params, true);

    BasicHttpProcessor httpproc = new BasicHttpProcessor();
    // Required protocol interceptors
    httpproc.addInterceptor(new RequestContent());
    httpproc.addInterceptor(new RequestTargetHost());
    // Recommended protocol interceptors
    httpproc.addInterceptor(new RequestConnControl());
    httpproc.addInterceptor(new RequestUserAgent());
    httpproc.addInterceptor(new RequestExpectContinue());

    HttpRequestExecutor httpexecutor = new HttpRequestExecutor();

    HttpContext context = new BasicHttpContext(null);
    // HttpHost host = new HttpHost("www.svd.se", 80);
    HttpHost host = new HttpHost(host_string, port);

    DefaultHttpClientConnection conn = new DefaultHttpClientConnection();
    ConnectionReuseStrategy connStrategy = new DefaultConnectionReuseStrategy();

    context.setAttribute(ExecutionContext.HTTP_CONNECTION, conn);
    context.setAttribute(ExecutionContext.HTTP_TARGET_HOST, host);
    //CookieManager cookie_manager = CookieManager.getInstance();
    //CookieStore cookie_store = cookie_manager.getCookieStore(); //The method getCookieStore() is undefined for the type CookieManager
    //context.setAttribute(ClientContext.COOKIE_STORE, cookie_store);

    HttpResponse response = null;

    try {
        if (!conn.isOpen()) {
            Socket socket = new Socket(host.getHostName(), host.getPort());
            conn.bind(socket, params);
        }

        BasicHttpRequest request = new BasicHttpRequest("GET", url);
        System.out.println(">> Request URI: "
                + request.getRequestLine().getUri());
        System.out.println(">> Request: "
                + request.getRequestLine());

        request.setParams(params);
        httpexecutor.preProcess(request, httpproc, context);
        response = httpexecutor.execute(request, conn, context);
        response.setParams(params);
        httpexecutor.postProcess(response, httpproc, context);

        String ret = EntityUtils.toString(response.getEntity());
        System.out.println("<< Response: " + response.getStatusLine());
        System.out.println(ret);
        System.out.println("==============");
        if (!connStrategy.keepAlive(response, context)) {
            conn.close();
        } else {
            System.out.println("Connection kept alive...");
        }
    } catch(UnknownHostException e) {
        System.out.println("UnknownHostException"); 
    } catch (HttpException e) {
        System.out.println("HttpException"); 
    } finally {
        conn.close();
    }

    return response;
}

Thank you for reading this far! Any suggestions gratefully received,

Amy

1
androidcookieshttprequestandroid-webview
Have you tried params.setParameter("cookie", cookie) ? while cookie is the valid Cookie from your CookieStore.Franziskus Karsunke
Hi Franziskus, I just tried params.setParameter("cookie", cookie), and I can see that params now has 5 entries, but the cookie part never makes it into the http get as seen using Wireshark.Amy Phillips

1 Answers

3
votes

Attaching cookies is finally working for me! I might not have done it the easiest way, but at least it works. My big breakthrough was downloading and attaching the android sources, so that I could step through and see what was happening. There are instructions here http://blog.michael-forster.de/2008/12/view-android-source-code-in-eclipse.html - scroll down and read the comment from Volure for the simplest download. I highly highly recommend doing this if you're developing on Android.

Now on to the working cookies code - most changes were in the code that actually gets me my webpage - I had to set up a COOKIE_STORE and a COOKIESPEC_REGISTRY. Then I also had to change my connection type because the cookies code was casting it to a ManagedClientConnection:

public static HttpResponse getMeAWebpage(String host_string, int port, String url)
        throws Exception {
    HttpParams params = new BasicHttpParams();
    HttpProtocolParams.setVersion(params, HttpVersion.HTTP_1_1);
    HttpProtocolParams.setContentCharset(params, "UTF-8");
    HttpProtocolParams.setUserAgent(params, "HttpComponents/1.1");
    HttpProtocolParams.setUseExpectContinue(params, true);
    //params.setParameter("cookie", cookie);

    BasicHttpProcessor httpproc = new BasicHttpProcessor();
    // Required protocol interceptors
    httpproc.addInterceptor(new RequestContent());
    httpproc.addInterceptor(new RequestTargetHost());
    // Recommended protocol interceptors
    httpproc.addInterceptor(new RequestConnControl());
    httpproc.addInterceptor(new RequestUserAgent());
    httpproc.addInterceptor(new RequestExpectContinue());
    httpproc.addInterceptor(new RequestAddCookies());


    HttpRequestExecutor httpexecutor = new HttpRequestExecutor();

    HttpContext context = new BasicHttpContext(null);
    // HttpHost host = new HttpHost("www.svd.se", 80);
    HttpHost host = new HttpHost(host_string, port);
    HttpRoute route = new HttpRoute(host, null, false);

    // Create and initialize scheme registry 
    SchemeRegistry schemeRegistry = new SchemeRegistry();
    schemeRegistry.register(new Scheme("http", PlainSocketFactory.getSocketFactory(), 80));
    schemeRegistry.register(new Scheme("https", SSLSocketFactory.getSocketFactory(), 443));

    SingleClientConnManager conn_mgr = new SingleClientConnManager(params, schemeRegistry);
    ManagedClientConnection conn = conn_mgr.getConnection(route, null /*state*/);
    ConnectionReuseStrategy connStrategy = new DefaultConnectionReuseStrategy();

    context.setAttribute(ExecutionContext.HTTP_CONNECTION, conn);
    context.setAttribute(ExecutionContext.HTTP_TARGET_HOST, host);

    CookieStore cookie_store = new BasicCookieStore();
    cookie_store.addCookie(cookie);
    context.setAttribute(ClientContext.COOKIE_STORE, cookie_store);

    // not sure if I need to add all these specs, but may as well
    CookieSpecRegistry cookie_spec_registry = new CookieSpecRegistry();
    cookie_spec_registry.register(
            CookiePolicy.BEST_MATCH,
            new BestMatchSpecFactory());
    cookie_spec_registry.register(
            CookiePolicy.BROWSER_COMPATIBILITY,
            new BrowserCompatSpecFactory());
    cookie_spec_registry.register(
            CookiePolicy.NETSCAPE,
            new NetscapeDraftSpecFactory());
    cookie_spec_registry.register(
            CookiePolicy.RFC_2109,
            new RFC2109SpecFactory());
    cookie_spec_registry.register(
            CookiePolicy.RFC_2965,
            new RFC2965SpecFactory());
    //cookie_spec_registry.register(
    //        CookiePolicy.IGNORE_COOKIES,
    //        new IgnoreSpecFactory());
    context.setAttribute(ClientContext.COOKIESPEC_REGISTRY, cookie_spec_registry);

    HttpResponse response = null;

    try {
        if (!conn.isOpen()) {
            conn.open(route, context, params);  
        }

        BasicHttpRequest request = new BasicHttpRequest("GET", url);
        System.out.println(">> Request URI: "
                + request.getRequestLine().getUri());
        System.out.println(">> Request: "
                + request.getRequestLine());

        request.setParams(params);
        httpexecutor.preProcess(request, httpproc, context);
        response = httpexecutor.execute(request, conn, context);
        response.setParams(params);
        httpexecutor.postProcess(response, httpproc, context);

        String ret = EntityUtils.toString(response.getEntity());
        System.out.println("<< Response: " + response.getStatusLine());
        System.out.println(ret);
        System.out.println("==============");
        if (!connStrategy.keepAlive(response, context)) {
            conn.close();
        } else {
            System.out.println("Connection kept alive...");
        }
    } catch(UnknownHostException e) {
        System.out.println("UnknownHostException"); 
    } catch (HttpException e) {
        System.out.println("HttpException"); 
    } finally {
        conn.close();
    }

    return response;
}

My code to set up my cookie lives in the same class as getMeAWebpage() looks like:

public static void SetCookie(String auth_cookie, String domain)
{
    String[] cookie_bits = auth_cookie.split("=");
    cookie = new BasicClientCookie(cookie_bits[0], cookie_bits[1]);
    cookie.setDomain(domain); // domain must not have 'http://' on the front
    cookie.setComment("put a comment here if you like describing your cookie");
    //cookie.setPath("/blah"); I don't need to set the path - I want the cookie to apply to everything in my domain
    //cookie.setVersion(1); I don't set the version so that I get less strict checking for cookie matches and am more likely to actually get the cookie into the header!  Might want to play with this when you've got it working...
}

I really hope this helps if you're having similar problems - I feel like I've been banging my head against a wall for a couple of weeks! Now for a well-deserved celebratory cup of tea :o)