CookieManager
public
abstract
class
CookieManager
extends Object
java.lang.Object | |
↳ | android.webkit.CookieManager |
Manages the cookies used by an application's WebView
instances.
CookieManager represents cookies as strings in the same format as the
HTTP Cookie
and Set-Cookie
header fields (defined in
RFC6265bis).
Summary
Public constructors | |
---|---|
CookieManager()
This constructor is deprecated.
This class should not be constructed by applications, use |
Public methods | |
---|---|
abstract
boolean
|
acceptCookie()
Gets whether the application's |
abstract
boolean
|
acceptThirdPartyCookies(WebView webview)
Gets whether the |
static
boolean
|
allowFileSchemeCookies()
Gets whether the application's |
abstract
void
|
flush()
Ensures all cookies currently accessible through the getCookie API are written to persistent storage. |
abstract
String
|
getCookie(String url)
Gets all the cookies for the given URL. |
static
CookieManager
|
getInstance()
Gets the singleton CookieManager instance. |
abstract
boolean
|
hasCookies()
Gets whether there are stored cookies. |
abstract
void
|
removeAllCookie()
This method was deprecated
in API level 21.
Use |
abstract
void
|
removeAllCookies(ValueCallback<Boolean> callback)
Removes all cookies. |
abstract
void
|
removeExpiredCookie()
This method was deprecated in API level 21. The WebView handles removing expired cookies automatically. |
abstract
void
|
removeSessionCookie()
This method was deprecated
in API level 21.
use |
abstract
void
|
removeSessionCookies(ValueCallback<Boolean> callback)
Removes all session cookies, which are cookies without an expiration date. |
abstract
void
|
setAcceptCookie(boolean accept)
Sets whether the application's |
static
void
|
setAcceptFileSchemeCookies(boolean accept)
This method was deprecated in API level 30. This setting is not secure, please use androidx.webkit.WebViewAssetLoader instead. |
abstract
void
|
setAcceptThirdPartyCookies(WebView webview, boolean accept)
Sets whether the |
abstract
void
|
setCookie(String url, String value, ValueCallback<Boolean> callback)
Sets a single cookie (key-value pair) for the given URL. |
abstract
void
|
setCookie(String url, String value)
Sets a single cookie (key-value pair) for the given URL. |
Protected methods | |
---|---|
Object
|
clone()
Creates and returns a copy of this object. |
Inherited methods | |
---|---|
Public constructors
CookieManager
public CookieManager ()
This constructor is deprecated.
This class should not be constructed by applications, use getInstance()
instead to fetch the singleton instance.
Public methods
acceptCookie
public abstract boolean acceptCookie ()
Gets whether the application's WebView
instances send and accept
cookies.
Returns | |
---|---|
boolean |
true if WebView instances send and accept cookies |
acceptThirdPartyCookies
public abstract boolean acceptThirdPartyCookies (WebView webview)
Gets whether the WebView
should allow third party cookies to be set.
Parameters | |
---|---|
webview |
WebView : the WebView instance to get the cookie policy for |
Returns | |
---|---|
boolean |
true if the WebView accepts third party cookies |
allowFileSchemeCookies
public static boolean allowFileSchemeCookies ()
Gets whether the application's WebView
instances send and accept
cookies for file scheme URLs.
Returns | |
---|---|
boolean |
true if WebView instances send and accept cookies for
file scheme URLs |
flush
public abstract void flush ()
Ensures all cookies currently accessible through the getCookie API are written to persistent storage. This call will block the caller until it is done and may perform I/O.
getCookie
public abstract String getCookie (String url)
Gets all the cookies for the given URL. This may return multiple key-value pairs if multiple
cookies are associated with this URL, in which case each cookie will be delimited by "; "
characters (semicolon followed by a space). Each key-value pair will be of the form
"key=value"
.
Note: Any cookies set with the "Partitioned"
attribute will only be returned
for the top-level partition of url
.
Parameters | |
---|---|
url |
String : the URL for which the cookies are requested |
Returns | |
---|---|
String |
value the cookies as a string, using the format of the 'Cookie' HTTP request header |
getInstance
public static CookieManager getInstance ()
Gets the singleton CookieManager instance.
Returns | |
---|---|
CookieManager |
the singleton CookieManager instance |
hasCookies
public abstract boolean hasCookies ()
Gets whether there are stored cookies.
Returns | |
---|---|
boolean |
true if there are stored cookies |
removeAllCookie
public abstract void removeAllCookie ()
This method was deprecated
in API level 21.
Use removeAllCookies(android.webkit.ValueCallback)
instead.
Removes all cookies.
removeAllCookies
public abstract void removeAllCookies (ValueCallback<Boolean> callback)
Removes all cookies.
This method is asynchronous.
If a ValueCallback
is provided,
onReceiveValue()
will be called on the current
thread's Looper
once the operation is complete.
The value provided to the callback indicates whether any cookies were removed.
You can pass null
as the callback if you don't need to know when the operation
completes or whether any cookies were removed, and in this case it is safe to call the
method from a thread without a Looper.
Parameters | |
---|---|
callback |
ValueCallback : a callback which is executed when the cookies have been removed
This value may be null . |
removeExpiredCookie
public abstract void removeExpiredCookie ()
This method was deprecated
in API level 21.
The WebView handles removing expired cookies automatically.
Removes all expired cookies.
removeSessionCookie
public abstract void removeSessionCookie ()
This method was deprecated
in API level 21.
use removeSessionCookies(android.webkit.ValueCallback)
instead.
Removes all session cookies, which are cookies without an expiration date.
removeSessionCookies
public abstract void removeSessionCookies (ValueCallback<Boolean> callback)
Removes all session cookies, which are cookies without an expiration date.
This method is asynchronous.
If a ValueCallback
is provided,
onReceiveValue()
will be called on the current
thread's Looper
once the operation is complete.
The value provided to the callback indicates whether any cookies were removed.
You can pass null
as the callback if you don't need to know when the operation
completes or whether any cookie were removed, and in this case it is safe to call the
method from a thread without a Looper.
Parameters | |
---|---|
callback |
ValueCallback : a callback which is executed when the session cookies have been removed
This value may be null . |
setAcceptCookie
public abstract void setAcceptCookie (boolean accept)
Sets whether the application's WebView
instances should send and
accept cookies.
By default this is set to true
and the WebView accepts cookies.
When this is true
setAcceptThirdPartyCookies
and
setAcceptFileSchemeCookies
can be used to control the policy for those specific types of cookie.
Parameters | |
---|---|
accept |
boolean : whether WebView instances should send and accept
cookies |
setAcceptFileSchemeCookies
public static void setAcceptFileSchemeCookies (boolean accept)
This method was deprecated
in API level 30.
This setting is not secure, please use
androidx.webkit.WebViewAssetLoader instead.
Sets whether the application's WebView
instances should send and accept cookies for
file scheme URLs.
Use of cookies with file scheme URLs is potentially insecure and turned off by default. All
file://
URLs share all their cookies, which may lead to leaking private app cookies
(ex. any malicious file can access cookies previously set by other (trusted) files).
Loading content via file://
URLs is generally discouraged. See the note in
WebSettings.setAllowFileAccess
.
Using
androidx.webkit.WebViewAssetLoader to load files over http(s)://
URLs allows
the standard web security model to be used for setting and sharing cookies for local files.
Note that calls to this method will have no effect if made after calling other
CookieManager
APIs.
Parameters | |
---|---|
accept |
boolean |
setAcceptThirdPartyCookies
public abstract void setAcceptThirdPartyCookies (WebView webview, boolean accept)
Sets whether the WebView
should allow third party cookies to be set.
Allowing third party cookies is a per WebView policy and can be set
differently on different WebView instances.
Apps that target Build.VERSION_CODES.KITKAT
or below
default to allowing third party cookies. Apps targeting
Build.VERSION_CODES.LOLLIPOP
or later default to disallowing
third party cookies.
Parameters | |
---|---|
webview |
WebView : the WebView instance to set the cookie policy on |
accept |
boolean : whether the WebView instance should accept
third party cookies |
setCookie
public abstract void setCookie (String url, String value, ValueCallback<Boolean> callback)
Sets a single cookie (key-value pair) for the given URL. Any existing cookie with the same host, path and name will be replaced with the new cookie. The cookie being set will be ignored if it is expired. To set multiple cookies, your application should invoke this method multiple times.
The value
parameter must follow the format of the Set-Cookie
HTTP response
header. This is a key-value pair of the form "key=value"
, optionally followed by a
list of cookie attributes delimited with semicolons (ex. "key=value; Max-Age=123"
).
For the header format and attributes supported by WebView, see the Set-Cookie
documentation on MDN.
This method is asynchronous. If a ValueCallback
is provided,
ValueCallback.onReceiveValue
will be called on the current
thread's Looper
once the operation is complete.
The value provided to the callback indicates whether the cookie was set successfully.
You can pass null
as the callback if you don't need to know when the operation
completes or whether it succeeded, and in this case it is safe to call the method from a
thread without a Looper.
Notes:
- If specifying a
value
containing the"Secure"
attribute,url
must use the"https://"
scheme. - if specifying a
value
containing the"Partitioned"
attribute, the cookie will be set for the top-level partition of theurl
.
Parameters | |
---|---|
url |
String : the URL for which the cookie is to be set |
value |
String : the cookie as a string, using the format of the 'Set-Cookie'
HTTP response header |
callback |
ValueCallback : a callback to be executed when the cookie has been set
This value may be null . |
setCookie
public abstract void setCookie (String url, String value)
Sets a single cookie (key-value pair) for the given URL. Any existing cookie with the same host, path and name will be replaced with the new cookie. The cookie being set will be ignored if it is expired. To set multiple cookies, your application should invoke this method multiple times.
The value
parameter must follow the format of the Set-Cookie
HTTP response
header. This is a key-value pair of the form "key=value"
, optionally followed by a
list of cookie attributes delimited with semicolons (ex. "key=value; Max-Age=123"
).
For the header format and attributes supported by WebView, see the Set-Cookie
documentation on MDN.
Notes:
- If specifying a
value
containing the"Secure"
attribute,url
must use the"https://"
scheme. - if specifying a
value
containing the"Partitioned"
attribute, the cookie will be set for the top-level partition of theurl
.
Parameters | |
---|---|
url |
String : the URL for which the cookie is to be set |
value |
String : the cookie as a string, using the format of the 'Set-Cookie'
HTTP response header |
Protected methods
clone
protected Object clone ()
Creates and returns a copy of this object. The precise meaning
of "copy" may depend on the class of the object. The general
intent is that, for any object x
, the expression:
will be true, and that the expression: x.clone() != x
will be x.clone().getClass() == x.getClass()
true
, but these are not absolute requirements.
While it is typically the case that:
will be x.clone().equals(x)
true
, this is not an absolute requirement.
By convention, the returned object should be obtained by calling
super.clone
. If a class and all of its superclasses (except
Object
) obey this convention, it will be the case that
x.clone().getClass() == x.getClass()
.
By convention, the object returned by this method should be independent
of this object (which is being cloned). To achieve this independence,
it may be necessary to modify one or more fields of the object returned
by super.clone
before returning it. Typically, this means
copying any mutable objects that comprise the internal "deep structure"
of the object being cloned and replacing the references to these
objects with references to the copies. If a class contains only
primitive fields or references to immutable objects, then it is usually
the case that no fields in the object returned by super.clone
need to be modified.
Returns | |
---|---|
Object |
a clone of this instance. |
Throws | |
---|---|
CloneNotSupportedException |