0

I know there are techniques to retrieve WebView cookies via HttpBaseProtocolFilter.CookieManager which is shared between WebView and HttpClient at least withing the borders of the same applications. However it does not give access to httponly cookies. httponly cookies also are not shared between WebView and HttpClient. Frankly speaking I understand the restrictions but before I give up I'd like to ask if anybody solved this problem?

This is what I need. We have a web site written in Java. The site generates JSESSION httponly cookie and passes it to the client. We are working on an UWP application where we instantiate WebView which plays the role of the client. Then, we inject javascript to communicate between UWP code and the displayed page. Everything works perfect as expected. Now we need to do a few requests from UWP code but in the context of the current session. For that we need to use the same JSESSION for HttpClient in UWP but I'm unable to find a way to do that.

Every time I send a request from UWP a new JSESSION is generated and that prevents the logic from working right. So, is there any way to either retrieve that httponly cookie from WebView or override it with the one which is assigned to the HttpClient?

Alex
  • 655
  • 1
  • 8
  • 16

1 Answers1

1

If you use Windows.Web.Http.HttpClient and WebView in UWP, the cookies are automatically shared through the app’s context between the HttpClient and the WebView, including the HttpOnly cookies.

To validate it, I used the c# code on this document to create a HttpOnly cookie when the asp.net web page is loaded. Then, I made a UWP app and added a WebView on XAML page to view the website, in code-behind, I used the following code to get the cookie:

HttpBaseProtocolFilter filter = new HttpBaseProtocolFilter();
HttpCookieCollection cookieCollection = filter.CookieManager.GetCookies(new Uri("http://localhost:xxxxx/Default.aspx"));
foreach (var cookie in cookieCollection)
{
    Debug.WriteLine(cookie.Name+": "+cookie.Value+" HttpOnly: "+cookie.HttpOnly);
}

You could see the screenshot. I can get the HttpOnly cookie:

enter image description here

Xie Steven
  • 8,544
  • 1
  • 9
  • 23
  • Of course, I tried that before posting my question and httponly cookies were not shared. When WebView sent its request one JSESSION was created for it and then when I sent a request using HttpClient another JSESSION was created for that request. HttpBaseProtocolFilter.CookieManager didn't list that httponly cookie as well. I see differences between your sample and my test. You are using localhost and http. Maybe it is handled differently. In my case I communicated to a separately hosted web site over https. The web site is written in Java. May be the host using different way to set cookie. – Alex Feb 12 '19 at 22:22
  • Did you mean that you first use WebView to view your website, and then you use HttpClient to send request to the same URL? – Xie Steven Feb 13 '19 at 05:53