My app has a WebView that users can download a file from. I have set an onDownloadListener that invokes the DownloadManager to download the file.
Some files, however, require athentication to access and since authentication is handled using cookies I have used the CookieManager to get and pass them to the DownloadManager.
This works great for all devices except for those running Android 9 (API level 28). I read here that there is a bug with the CookieManager returning null and ignoring same-site cookies on Android 9's default WebView version.
I haven't found a fix however and since these cookies are also marked as http-only I can't get them using JavaScript. I also don't want to remove http-only or same-site attributes from response or use some other hacky way of implementing this since it will introduce a potential security risk.
