CookieManager

public abstract class CookieManager
extends Object

java.lang.Object
   ↳ android.webkit.CookieManager


Manages the cookies used by an application's WebView instances.

CookieManager represents cookies as strings in the same format as the HTTP Cookie and Set-Cookie header fields (defined in RFC6265bis).

Summary

Public constructors

CookieManager()

This constructor is deprecated. This class should not be constructed by applications, use getInstance() instead to fetch the singleton instance.

Public methods

abstract boolean acceptCookie()

Gets whether the application's WebView instances send and accept cookies.

abstract boolean acceptThirdPartyCookies(WebView webview)

Gets whether the WebView should allow third party cookies to be set.

static boolean allowFileSchemeCookies()

Gets whether the application's WebView instances send and accept cookies for file scheme URLs.

abstract void flush()

Ensures all cookies currently accessible through the getCookie API are written to persistent storage.

abstract String getCookie(String url)

Gets all the cookies for the given URL.

static CookieManager getInstance()

Gets the singleton CookieManager instance.

abstract boolean hasCookies()

Gets whether there are stored cookies.

abstract void removeAllCookie()

This method was deprecated in API level 21. Use removeAllCookies(android.webkit.ValueCallback) instead.

abstract void removeAllCookies(ValueCallback<Boolean> callback)

Removes all cookies.

abstract void removeExpiredCookie()

This method was deprecated in API level 21. The WebView handles removing expired cookies automatically.

abstract void removeSessionCookie()

This method was deprecated in API level 21. use removeSessionCookies(android.webkit.ValueCallback) instead.

abstract void removeSessionCookies(ValueCallback<Boolean> callback)

Removes all session cookies, which are cookies without an expiration date.

abstract void setAcceptCookie(boolean accept)

Sets whether the application's WebView instances should send and accept cookies.

static void setAcceptFileSchemeCookies(boolean accept)

This method was deprecated in API level 30. This setting is not secure, please use androidx.webkit.WebViewAssetLoader instead.

abstract void setAcceptThirdPartyCookies(WebView webview, boolean accept)

Sets whether the WebView should allow third party cookies to be set.

abstract void setCookie(String url, String value, ValueCallback<Boolean> callback)

Sets a single cookie (key-value pair) for the given URL.

abstract void setCookie(String url, String value)

Sets a single cookie (key-value pair) for the given URL.

Protected methods

Object clone()

Creates and returns a copy of this object.

Inherited methods

Public constructors

CookieManager

Added in API level 1
public CookieManager ()

This constructor is deprecated.
This class should not be constructed by applications, use getInstance() instead to fetch the singleton instance.

Public methods

acceptCookie

Added in API level 1
public abstract boolean acceptCookie ()

Gets whether the application's WebView instances send and accept cookies.

Returns
boolean true if WebView instances send and accept cookies

acceptThirdPartyCookies

Added in API level 21
public abstract boolean acceptThirdPartyCookies (WebView webview)

Gets whether the WebView should allow third party cookies to be set.

Parameters
webview WebView: the WebView instance to get the cookie policy for

Returns
boolean true if the WebView accepts third party cookies

allowFileSchemeCookies

Added in API level 12
public static boolean allowFileSchemeCookies ()

Gets whether the application's WebView instances send and accept cookies for file scheme URLs.

Returns
boolean true if WebView instances send and accept cookies for file scheme URLs

flush

Added in API level 21
public abstract void flush ()

Ensures all cookies currently accessible through the getCookie API are written to persistent storage. This call will block the caller until it is done and may perform I/O.

getCookie

Added in API level 1
public abstract String getCookie (String url)

Gets all the cookies for the given URL. This may return multiple key-value pairs if multiple cookies are associated with this URL, in which case each cookie will be delimited by "; " characters (semicolon followed by a space). Each key-value pair will be of the form "key=value".

Note: Any cookies set with the "Partitioned" attribute will only be returned for the top-level partition of url.

Parameters
url String: the URL for which the cookies are requested

Returns
String value the cookies as a string, using the format of the 'Cookie' HTTP request header

getInstance

Added in API level 1
public static CookieManager getInstance ()

Gets the singleton CookieManager instance.

Returns
CookieManager the singleton CookieManager instance

hasCookies

Added in API level 1
public abstract boolean hasCookies ()

Gets whether there are stored cookies.

Returns
boolean true if there are stored cookies

removeAllCookie

Added in API level 1
Deprecated in API level 21
public abstract void removeAllCookie ()

This method was deprecated in API level 21.
Use removeAllCookies(android.webkit.ValueCallback) instead.

Removes all cookies.

removeAllCookies

Added in API level 21
public abstract void removeAllCookies (ValueCallback<Boolean> callback)

Removes all cookies.

This method is asynchronous. If a ValueCallback is provided, onReceiveValue() will be called on the current thread's Looper once the operation is complete. The value provided to the callback indicates whether any cookies were removed. You can pass null as the callback if you don't need to know when the operation completes or whether any cookies were removed, and in this case it is safe to call the method from a thread without a Looper.

Parameters
callback ValueCallback: a callback which is executed when the cookies have been removed This value may be null.

removeExpiredCookie

Added in API level 1
Deprecated in API level 21
public abstract void removeExpiredCookie ()

This method was deprecated in API level 21.
The WebView handles removing expired cookies automatically.

Removes all expired cookies.

removeSessionCookie

Added in API level 1
Deprecated in API level 21
public abstract void removeSessionCookie ()

This method was deprecated in API level 21.
use removeSessionCookies(android.webkit.ValueCallback) instead.

Removes all session cookies, which are cookies without an expiration date.

removeSessionCookies

Added in API level 21
public abstract void removeSessionCookies (ValueCallback<Boolean> callback)

Removes all session cookies, which are cookies without an expiration date.

This method is asynchronous. If a ValueCallback is provided, onReceiveValue() will be called on the current thread's Looper once the operation is complete. The value provided to the callback indicates whether any cookies were removed. You can pass null as the callback if you don't need to know when the operation completes or whether any cookie were removed, and in this case it is safe to call the method from a thread without a Looper.

Parameters
callback ValueCallback: a callback which is executed when the session cookies have been removed This value may be null.

setAcceptCookie

Added in API level 1
public abstract void setAcceptCookie (boolean accept)

Sets whether the application's WebView instances should send and accept cookies. By default this is set to true and the WebView accepts cookies.

When this is true setAcceptThirdPartyCookies and setAcceptFileSchemeCookies can be used to control the policy for those specific types of cookie.

Parameters
accept boolean: whether WebView instances should send and accept cookies

setAcceptFileSchemeCookies

Added in API level 12
Deprecated in API level 30
public static void setAcceptFileSchemeCookies (boolean accept)

This method was deprecated in API level 30.
This setting is not secure, please use androidx.webkit.WebViewAssetLoader instead.

Sets whether the application's WebView instances should send and accept cookies for file scheme URLs.

Use of cookies with file scheme URLs is potentially insecure and turned off by default. All file:// URLs share all their cookies, which may lead to leaking private app cookies (ex. any malicious file can access cookies previously set by other (trusted) files).

Loading content via file:// URLs is generally discouraged. See the note in WebSettings#setAllowFileAccess. Using androidx.webkit.WebViewAssetLoader to load files over http(s):// URLs allows the standard web security model to be used for setting and sharing cookies for local files.

Note that calls to this method will have no effect if made after calling other CookieManager APIs.

Parameters
accept boolean

setAcceptThirdPartyCookies

Added in API level 21
public abstract void setAcceptThirdPartyCookies (WebView webview, 
                boolean accept)

Sets whether the WebView should allow third party cookies to be set. Allowing third party cookies is a per WebView policy and can be set differently on different WebView instances.

Apps that target Build.VERSION_CODES.KITKAT or below default to allowing third party cookies. Apps targeting Build.VERSION_CODES.LOLLIPOP or later default to disallowing third party cookies.

Parameters
webview WebView: the WebView instance to set the cookie policy on

accept boolean: whether the WebView instance should accept third party cookies

setCookie

Added in API level 21
public abstract void setCookie (String url, 
                String value, 
                ValueCallback<Boolean> callback)

Sets a single cookie (key-value pair) for the given URL. Any existing cookie with the same host, path and name will be replaced with the new cookie. The cookie being set will be ignored if it is expired. To set multiple cookies, your application should invoke this method multiple times.

The value parameter must follow the format of the Set-Cookie HTTP response header. This is a key-value pair of the form "key=value", optionally followed by a list of cookie attributes delimited with semicolons (ex. "key=value; Max-Age=123"). For the header format and attributes supported by WebView, see the Set-Cookie documentation on MDN.

This method is asynchronous. If a ValueCallback is provided, ValueCallback#onReceiveValue will be called on the current thread's Looper once the operation is complete. The value provided to the callback indicates whether the cookie was set successfully. You can pass null as the callback if you don't need to know when the operation completes or whether it succeeded, and in this case it is safe to call the method from a thread without a Looper.

Notes:

  • If specifying a value containing the "Secure" attribute, url must use the "https://" scheme.
  • if specifying a value containing the "Partitioned" attribute, the cookie will be set for the top-level partition of the url.

Parameters
url String: the URL for which the cookie is to be set

value String: the cookie as a string, using the format of the 'Set-Cookie' HTTP response header

callback ValueCallback: a callback to be executed when the cookie has been set This value may be null.

setCookie

Added in API level 1
public abstract void setCookie (String url, 
                String value)

Sets a single cookie (key-value pair) for the given URL. Any existing cookie with the same host, path and name will be replaced with the new cookie. The cookie being set will be ignored if it is expired. To set multiple cookies, your application should invoke this method multiple times.

The value parameter must follow the format of the Set-Cookie HTTP response header. This is a key-value pair of the form "key=value", optionally followed by a list of cookie attributes delimited with semicolons (ex. "key=value; Max-Age=123"). For the header format and attributes supported by WebView, see the Set-Cookie documentation on MDN.

Notes:

  • If specifying a value containing the "Secure" attribute, url must use the "https://" scheme.
  • if specifying a value containing the "Partitioned" attribute, the cookie will be set for the top-level partition of the url.

Parameters
url String: the URL for which the cookie is to be set

value String: the cookie as a string, using the format of the 'Set-Cookie' HTTP response header

Protected methods

clone

Added in API level 1
protected Object clone ()

Creates and returns a copy of this object. The precise meaning of "copy" may depend on the class of the object. The general intent is that, for any object x, the expression:

 x.clone() != x
will be true, and that the expression:
 x.clone().getClass() == x.getClass()
will be true, but these are not absolute requirements. While it is typically the case that:
 x.clone().equals(x)
will be true, this is not an absolute requirement.

By convention, the returned object should be obtained by calling super.clone. If a class and all of its superclasses (except Object) obey this convention, it will be the case that x.clone().getClass() == x.getClass().

By convention, the object returned by this method should be independent of this object (which is being cloned). To achieve this independence, it may be necessary to modify one or more fields of the object returned by super.clone before returning it. Typically, this means copying any mutable objects that comprise the internal "deep structure" of the object being cloned and replacing the references to these objects with references to the copies. If a class contains only primitive fields or references to immutable objects, then it is usually the case that no fields in the object returned by super.clone need to be modified.

Returns
Object a clone of this instance.

Throws
CloneNotSupportedException