A tale on Android cookies store management

Elye
Elye
Nov 10, 2017 · 5 min read
Image for post
Image for post

Cookies storing is an essential part of Android development, used extensively in authentication. Here I’m sharing various options of managing cookies store in Android using a tale as below.

Along with it, I also provide sample Apps (with codes) for all of the scenarios below.

In the beginning

An APP was created. A well polished app that performs its function well. But it is just interacting by itself. No one else to talk to. Self sufficient.

One day, it gets connected to Mr. API. Mr. API would want to give it some cookies.

Image for post
Image for post

However, the APP doesn’t have anything to store the cookies. Hence every time it restarts itself, the cookies are cleared, as show in my example App below (below I actually use a hashmap to store it, just to show the data temporary)

Image for post
Image for post
App Hashmap CookieStore

Learning to save

Mr. API is not happy that APP is not storing the given cookies, as that defeats the purpose of APP having the cookies.

Hence the APP now has to do something to store the cookies, so that it doesn’t loose it every time it restarts.

However the APP doesn’t want to build itself the storage. Fortunately a library was found that help with that i.e. PersistentCookieJar.

Image for post
Image for post

This was good, as APP doesn’t need to always rely on Mr. API anymore for the previous cookies it obtained even after it restart itself.

A new relationship

One day, the APP discover it needs to talk to a new person, Ms. Webview. Ms. Webview wanted the cookies that APP received from Mr. API in order to recognize APP is trustable.

Unfortunately, with what’s available, APP is not able to share its cookies with Ms Webview. This is illustrated in my example App below (i.e. it can store the cookie, but not send over to Webview)

Image for post
Image for post
App Persistent Cookie Store

Learning to give in a right way

In order to be connected to Ms. Webview properly, APP has to share cookies with Ms. Webview in the way she prefers, that is through the WebKit CookieManager.

The plan is, every time APP plan to launch Webview, the cookies will need to be copied from the PersistentCookieJar to the CookieManager.

Image for post
Image for post

Hurray! APP can now be trusted by Ms. Webview, and she will perform what she is meant to do.

A new desire… bidirectional relationship

This all works fine. But APP feels something is still missing.

APP constantly gives cookies to Ms. Webview. However, whenever Ms. Webview has changes the cookies or has a new cookie, APP is totally unaware of it. It’s a one way relationship.

This is illustrated by my example App below (i.e. it can store the cookie, and send it over to Webview. But if Webview changes the cookie, APP will not get the change)

App Persistent Web Sync Cookie

Learning to share

APP then have an idea, “Why not we just share one approach of Cookie Storing, instead of two?”

We know Ms. Webview will only like her way of getting cookies, that’s Webkit CookieManager. So, APP decided to not use PersistentCookieStore, but just share Webkit CookieManager with Ms. Webview.

This is illustrated as below.

Image for post
Image for post

How to do it? Apparently there are several ways of doing it as shared below

Illustrated in my App Example as below (i.e. it can store the cookie, and send it over to Webview, and get webview changed cookies as well)

Image for post
Image for post
App Web Cookier Manager

And with this, they live happily ever after … (or maybe not, if they start to mess around each other cookies in a way not intended by the other party :P)

Hopes you like the story above that links you to 4 different App cookies storing above

  1. No storing or just using Hashmap — non persistent, every time restart, all cookies need to be retrieved again
  2. Using PersistentCookieJar — persistent and good for encapsulating the Cookies within the App itself, without sharing with any Webview
  3. Using PersistentCookieJar by sync to CookieManager — Need for the case where Webview need the token from App to authenticate. But App would like to have it’s own cookie secured not changed by Webview
  4. Sharing CookieMnager — Useful for the case where there’s tight coupling of App and Webview interaction (e.g. reissue of token could happen either side, and both would benefit from it).

The example APP is stored in the below structure, each is an App by itself, and shared the same base-module.

Image for post
Image for post

I hope you appreciate this post and it’s helpful for you. Do share with others.

You could check out my other interesting topics here.

Follow me on medium, Twitter or Facebook for little tips and learning on Android, Kotlin etc related topics. ~Elye~

Mobile App Development Publication

Sharing Mobile App Development and Learning

Elye

Written by

Elye

Passionate about learning, and sharing mobile development and others https://twitter.com/elye_project https://www.facebook.com/elye.proj

Mobile App Development Publication

Sharing iOS, Android and relevant Mobile App Development Technology and Learning

Elye

Written by

Elye

Passionate about learning, and sharing mobile development and others https://twitter.com/elye_project https://www.facebook.com/elye.proj

Mobile App Development Publication

Sharing iOS, Android and relevant Mobile App Development Technology and Learning

Medium is an open platform where 170 million readers come to find insightful and dynamic thinking. Here, expert and undiscovered voices alike dive into the heart of any topic and bring new ideas to the surface. Learn more

Follow the writers, publications, and topics that matter to you, and you’ll see them on your homepage and in your inbox. Explore

If you have a story to tell, knowledge to share, or a perspective to offer — welcome home. It’s easy and free to post your thinking on any topic. Write on Medium

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store