Is a secure cookie (httponly cookie) readable on the native-app website (android, iOS)?

Question

Is a secure cookie (httponly cookie) readable on the native-app website (android, iOS)?

Let's say I have a web application that uses an ajax httponly cookie to store a login session (token). I wonder if I add my web app to a native client (Android or ios webview), does the cookie protect unreadable anyway? Because I just found out that Android has a CookieManager capable of reading cookies from a webview.

The main problem is that I want to store the user's access token in a cookie or somewhere in the user's browser. I want to make sure that no matter what environment (regular chrome or safari, or in a native webview application) the user stores the user's token, it remains secure and unreadable for XSS or any other hacker attack. Is there a way to do this?

+3

android html5 ios cookies webview

Kim May 18 '17 at 4:39

source to share

No one has answered this question yet

Check out similar questions:

4

Save Webview Cookies?

3

JWT + cookie + HTTPS + CSRF

2

Accessing browser cookies from an Android app?

2

Is it possible to create a cookie from a native Android app?

1

Storing cookies and CSRF "remember me"

0

Storing Jwt Token in Cookie with Http and Secure instead of LocalStorage in Javascript

0

Sharing session (cookie) between Android Webviews in two different apps?

0

Android cookie storage and recovery (persistent cookie storage)

0

Security issues: JWT + cookies for SPA

0

Webviews doesn't always store cookies? How do I force this?

Is a secure cookie (httponly cookie) readable on the native-app website (android, iOS)?

More articles: