LoginSignup
10
11

More than 5 years have passed since last update.

@granoeste(Katsumi Onishi)in株式会社ディー・エヌ・エー

WebViewで属性が指定されたCookieをCookieManagerから取得できるのか?

Last updated at Posted at 2015-09-17

Yahoo!JAPAN (www.yahoo.co.jp) で試す。

アクセスした時のHTTPログ

HttpRequest_Headers
GET / HTTP/1.1
Host    www.yahoo.co.jp
Accept  text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
User-Agent  Mozilla/5.0 (Linux; Android 4.4.4; Nexus 7 Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Safari/537.36
Accept-Encoding gzip,deflate
Accept-Language ja-JP,en-US;q=0.8
X-Requested-With    net.granoeste.scaffold.sample
Pragma  no-cache
Cache-Control   no-cache
HttpResponse_Headers
HTTP/1.1 200 OK
Server  nginx
Date    Thu, 17 Sep 2015 09:54:43 GMT
Content-Type    text/html; charset=UTF-8
Transfer-Encoding   chunked
Connection  close
P3P policyref="http://privacy.yahoo.co.jp/w3c/p3p_jp.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE GOV"
Set-Cookie  B=304ntctavl3f3&b=3&s=3k; expires=Sun, 17-Sep-2017 09:54:43 GMT; path=/; domain=.yahoo.co.jp
Cache-Control   private, no-cache, no-store, must-revalidate
Pragma  no-cache
X-XRDS-Location https://open.login.yahooapis.jp/openid20/www.yahoo.co.jp/xrds
Vary    Accept-Encoding
Content-Encoding    gzip
X-Frame-Options SAMEORIGIN
Expires 0
Set-Cookie
B : 304ntctavl3f3&b=3&s=3k
    Expires | Sun, 17-Sep-2017 09:54:43 GMT
    Domain  | .yahoo.co.jp
    Path    | /

Set-Cookieにdomain属性が指定されている

ページ読み込み完了時にCookiesを取得

webView.setWebViewClient(
   new WebViewClient() {
        //ページ読み込み完了時に呼ばれる
        @Override
        public void onPageFinished(final WebView view, final String url) {
            String host = URI.create(url).getHost();
            Log.d(TAG, "cookies on " + host);

            for(String cookie : getCookies(host).split(";")) {
                Log.d(TAG, "  " + cookie.trim());
            }

            // サブドメインでCookieを取得
            Log.d(TAG, "cookies on " + "auctions.yahoo.co.jp");
            for(String cookie : getCookies("auctions.yahoo.co.jp").split(";")) {
                Log.d(TAG, "  " + cookie.trim());
            }
        }

   }
}

private String getCookies(String url) {
    return CookieManager.getInstance().getCookie(url);
}

Logcat

   WebViewActivity  V  cookies on www.yahoo.co.jp
                    V    B=304ntctavl3f3&b=3&s=3k
                    V    btpdb.2wzBV9u.dGZjLjE0NDcxNDU=UkVRVUVTVFMuMA
                    V    btpdb.2wzBV9u.dGZjLjE5ODkzNTc=REFZUw
                    V    btpdb.2wzBV9u.dGZjLjE0MzQzNDg=VVNFUg

   WebViewActivity  V  cookies on auctions.yahoo.co.jp
                    V    B=304ntctavl3f3&b=3&s=3k

/data/data/[application_id]/app_webview/Cookiesの内容

creation_utc host_key name value path expires_utc secure httponly last_access_utc has_expires persistent priority encrypted_value
13086957283745489 .yahoo.co.jp B 304ntctavl3f3&b=3&s=3k / 13150115683745489 0 0 13086957283745489 1 1 1
13086957286177547 www.yahoo.co.jp btpdb.2wzBV9u.dGZjLjE0NDcxNDU UkVRVUVTVFMuMA / 13118493286000000 0 0 13086957286177547 1 1 1
13086957286180113 www.yahoo.co.jp btpdb.2wzBV9u.dGZjLjE5ODkzNTc REFZUw / 13087043686000000 0 0 13086957286180113 1 1 1
13086957286181128 www.yahoo.co.jp btpdb.2wzBV9u.dGZjLjE0MzQzNDg VVNFUg / 13118493286000000 0 0 13086957286181128 1 1 1

オークションのURL:auctions.yahoo.co.jpのCookieは、サブドメイン(.yahoo.co.jp)指定されたものしか取得でないようになっている。

secure属性, httponly属性もCookieのテーブルには指定されているが CookieManagerで取得できるかは試せてない...

逆に、domain属性を指定したCookieはWebViewでどうなるのか試す。

@Override
protected void onStart() {
    super.onStart();

    saveCookie(".yahoo.co.jp", "material1=dough;"); // サブドメイン指定
    saveCookie("auctions.yahoo.co.jp", "material2=chocolate;"); // FQDN指定
    saveCookie("www.yahoo.co.jp", "material2=chocolate,almond,coconut;"); // FQDN指定
}

private void setCookies(String url, String cookies) {
    CookieSyncManager.createInstance(this);
    CookieManager cookieManager = CookieManager.getInstance();
    cookieManager.setAcceptCookie(true);
    for (String cookie : cookies.split(";")) {
        cookieManager.setCookie(url, cookie);
    }
    CookieManager.getInstance().flush();
}
HttpRequest_Headers
GET / HTTP/1.1
Host    www.yahoo.co.jp
Accept  text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
User-Agent  Mozilla/5.0 (Linux; Android 4.4.4; Nexus 7 Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Safari/537.36
Accept-Encoding gzip,deflate
Accept-Language ja-JP,en-US;q=0.8
Cookie  material1=dough; material2=chocolate,almond,coconut
X-Requested-With    net.granoeste.scaffold.sample
Pragma  no-cache
Cache-Control   no-cache
HttpRequest_Headers
Host    yads.yahoo.co.jp
GET /tag?s=25597_3463&t=j&ss~ HTTP/1.1
Accept  */*
User-Agent  Mozilla/5.0 (Linux; Android 4.4.4; Nexus 7 Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Safari/537.36
Referer http://www.yahoo.co.jp/
Accept-Encoding gzip,deflate
Accept-Language ja-JP,en-US;q=0.8
Cookie  material1=dough; B=2rbkb65avmsat&b=3&s=33
X-Requested-With    net.granoeste.scaffold.sample
Pragma  no-cache
Cache-Control   no-cache

サブドメインのCookieも送られていることがわかる。

HttpRequest_Headers
Host    b11.yahoo.co.jp
GET /b?P=PMtKjzEyNy5jk27JgT4xzFEpMTIyLgAAAAD2lSSR~ HTTP/1.1
Accept  image/webp,*/*;q=0.8
User-Agent  Mozilla/5.0 (Linux; Android 4.4.4; Nexus 7 Build/KTU84P) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Safari/537.36
Referer http://www.yahoo.co.jp/
Accept-Encoding gzip,deflate
Accept-Language ja-JP,en-US;q=0.8
Cookie  material1=dough; B=2rbkb65avmsat&b=3&s=33
X-Requested-With    net.granoeste.scaffold.sample
Pragma  no-cache
Cache-Control   no-cache
HttpResponse_Headers
HTTP/1.1 200 OK
Date    Fri, 18 Sep 2015 02:05:21 GMT
P3P policyref="http://privacy.yahoo.co.jp/w3c/p3p_jp.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE GOV"
X-Content-Type-Options  nosniff
X-XSS-Protection    1; mode=block
X-Frame-Options SAMEORIGIN
Set-Cookie  material1=COOKIEBLAST; domain=.yahoo.co.jp; expires=Sat, 22-Nov-1980 20:00:00 GMT; path=/;
Cache-Control   no-cache, no-store, private, no-cache=Set-Cookie, proxy-revalidate
Pragma  no-cache
Content-Length  43
Connection  close
Content-Type    image/gif
Expires 0
Set-Cookie
material1 | COOKIEBLAST
    Expires | Sat, 22-Nov-1980 20:00:00 GMT
    Domain  | .yahoo.co.jp
    Path    | /

変なCookieを送っていたのでCOOKIEBLASTされましたw

Expiresが過去日付にされCookieが無効になったので、CookieManagerから取得することも出来なくなります。

注)
Android 4.4.4 Nexus 7 での検証です。

10
11
0

Register as a new user and use Qiita more conveniently

  1. You get articles that match your needs
  2. You can efficiently read back useful information
  3. You can use dark theme
What you can do with signing up
Sign upLogin
10
11