我花了很多很多小時,設法弄清楚如何在我的HttpClient和我的WebView之間共享cookie。我現在的問題是,由於某種原因,我的會話cookie沒有被共享。會話cookie不被共享
在Android文檔中,我發現: public void setCookie (String url, String value) 自:API等級1 爲給定的URL設置cookie。具有相同主機/路徑/名稱的舊cookie將被刪除。如果新的cookie尚未過期,或者沒有設定到期時間(這意味着它是會話cookie),則會添加新的cookie。
問題是,當我共享一個設有到期時間的cookie時,它可以正常運作。有沒有人知道爲什麼我的會話cookie沒有被共享?或者,如果確實是因爲setCookie做不到這一點,我該如何用其他方式實現?
這裏是我的代碼:
package mds.test;
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.util.ArrayList;
import java.util.List;
import org.apache.http.HttpResponse;
import org.apache.http.NameValuePair;
import org.apache.http.client.ClientProtocolException;
import org.apache.http.client.entity.UrlEncodedFormEntity;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.cookie.Cookie;
import org.apache.http.impl.client.DefaultHttpClient;
import org.apache.http.message.BasicNameValuePair;
import android.app.Activity;
import android.content.Context;
import android.os.Bundle;
import android.telephony.TelephonyManager;
import android.util.Log;
import android.webkit.CookieManager;
import android.webkit.CookieSyncManager;
import android.webkit.WebView;
import android.webkit.WebViewClient;
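/**
 * Activity that performs a login-style HTTP POST with {@link DefaultHttpClient}, copies the
 * cookie it received into the WebView cookie store, and then opens the site in a WebView.
 *
 * <p>The cookie handed to the WebView is a session credential: it is never written to the log,
 * and its {@code secure} flag is carried over so the WebView does not send it over plain HTTP
 * when the server asked for HTTPS-only delivery.
 */
public class Home extends Activity {
    public static final String LOG_TAG = "Droidnova";

    /** Keeps every navigation inside this WebView instead of handing it to another app. */
    private class HelloWebViewClient extends WebViewClient {
        @Override
        public boolean shouldOverrideUrlLoading(WebView view, String url) {
            // NOTE(review): every URL, including links to other hosts, is loaded in this
            // WebView, which has JavaScript enabled. Consider keeping only the app's own
            // host here and passing anything else to the system browser.
            view.loadUrl(url);
            return true;
        }
    }

    // Value posted as "uid"; built from the telephony device id in onCreate().
    private String tmDevice;
    // Body of the POST response; everything after its first five characters goes into the URL.
    private String sid;
    // Address loaded into the WebView.
    private String url;
    // Last cookie returned by the POST. Static and public, so it outlives this activity and is
    // readable by any class in the process; treat it as a secret.
    public static Cookie cookie = null;

    /**
     * Posts the device id, transfers the returned cookie to the WebView cookie store and loads
     * the page. Finishes the activity when the POST produced no usable response.
     *
     * @param savedInstanceState state passed through to {@code Activity.onCreate}
     */
    @Override
    public void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        CookieSyncManager.createInstance(this);
        CookieManager cookieManager = CookieManager.getInstance();
        cookieManager.setAcceptCookie(true);

        // NOTE(review): getDeviceId() returns a hardware identifier, needs the READ_PHONE_STATE
        // permission and can return null. An app-generated random id is a better "uid" if the
        // server does not strictly need the hardware value.
        final TelephonyManager tm =
                (TelephonyManager) getBaseContext().getSystemService(Context.TELEPHONY_SERVICE);
        tmDevice = "blabla" + tm.getDeviceId();

        // NOTE(review): postData() performs blocking network I/O on the UI thread.
        postData();

        // postData() leaves sid null when the request failed; substring(5) would then crash.
        if (sid == null || sid.length() < 5) {
            Log.e(LOG_TAG, "login response missing or too short; not loading the page");
            finish();
            return;
        }
        // NOTE(review): a value taken from the server response is placed in the URL itself;
        // if it is a session id it will also show up in history and Referer headers - confirm.
        url = "mywebsite=" + sid.substring(5);

        // Log only whether a cookie exists: its value is a session secret and logcat is shared.
        Log.d(LOG_TAG, "session cookie present: " + (cookie != null));
        if (cookie != null) {
            // NOTE(review): removeSessionCookie() is reported to complete asynchronously on
            // some platform versions, in which case it can also discard the cookie set on the
            // next line. Confirm on the target API level; setCookie() already replaces an old
            // cookie with the same host/path/name.
            cookieManager.removeSessionCookie();
            cookieManager.setCookie(cookie.getDomain(), buildCookieString(cookie));
            CookieSyncManager.getInstance().sync();
        }

        setContentView(R.layout.web);
        WebView myWebView = (WebView) findViewById(R.id.webview);
        myWebView.getSettings().setJavaScriptEnabled(true);
        myWebView.setWebViewClient(new HelloWebViewClient());
        myWebView.loadUrl(url);
    }

    /** Renders a cookie as a Set-Cookie style string, keeping its {@code secure} flag. */
    private static String buildCookieString(Cookie source) {
        StringBuilder rendered = new StringBuilder();
        rendered.append(source.getName()).append("=").append(source.getValue());
        rendered.append("; domain=").append(source.getDomain());
        if (source.isSecure()) {
            // Without this the copy in the WebView store would also be sent over plain HTTP.
            rendered.append("; secure");
        }
        return rendered.toString();
    }

    /**
     * Posts {@code uid} to the server, stores the response body in {@code sid} and remembers
     * the last cookie of the client's cookie store in {@link #cookie}. Failures are logged and
     * leave {@code sid} and {@code cookie} as they were.
     */
    public void postData() {
        // Create a new HttpClient and Post Header
        DefaultHttpClient httpclient = new DefaultHttpClient();
        HttpPost httppost = new HttpPost("my website");
        try {
            // Add your data
            List<NameValuePair> nameValuePairs = new ArrayList<NameValuePair>(1);
            nameValuePairs.add(new BasicNameValuePair("uid", tmDevice));
            httppost.setEntity(new UrlEncodedFormEntity(nameValuePairs));

            // Execute HTTP Post Request
            HttpResponse response = httpclient.execute(httppost);
            inputStreamToString(response.getEntity().getContent());

            // The last cookie in the store wins, whatever its name.
            // NOTE(review): select the session cookie by name if the server sets several.
            List<Cookie> cookies = httpclient.getCookieStore().getCookies();
            if (!cookies.isEmpty()) {
                cookie = cookies.get(cookies.size() - 1);
            }
        } catch (ClientProtocolException e) {
            Log.e(LOG_TAG, "login request failed: protocol error", e);
        } catch (IOException e) {
            Log.e(LOG_TAG, "login request failed: I/O error", e);
        }
    }

    /**
     * Reads the whole stream line by line (line breaks are dropped) into {@code sid} and closes
     * it. On a read error whatever was read so far is still stored.
     *
     * @param is response body stream
     */
    private void inputStreamToString(InputStream is) {
        StringBuilder total = new StringBuilder();
        // Wrap a BufferedReader around the InputStream
        BufferedReader rd = new BufferedReader(new InputStreamReader(is));
        try {
            // Read response until the end
            String line;
            while ((line = rd.readLine()) != null) {
                total.append(line);
            }
        } catch (IOException e) {
            Log.e(LOG_TAG, "failed to read the login response", e);
        } finally {
            // Closing the reader closes the entity stream and releases the connection.
            try {
                rd.close();
            } catch (IOException e) {
                Log.w(LOG_TAG, "failed to close the login response stream", e);
            }
        }
        sid = total.toString();
    }
}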
請注意,這樣做會讓攻擊者可以在Web瀏覽器中的任何域上替受害者設置POST數據,這可能使某些類型的XSRF攻擊成爲可能,甚至會影響到沒有使用您的Android應用程序的人(例如,攻擊者誘騙毫無戒心的用戶使用攻擊者的會話)。Cookie只能爲您自己的域設置,因此如果您只使用cookie,這些攻擊就不可能發生。這種攻擊並不常見,但值得考慮這種可能性。 – 2013-04-02 18:37:11
由於@PatrickHorn的評論而投了反對票。 – 2013-12-06 22:10:46