Is a secure cookie (httponly cookie) readable on the native-app website (android, iOS)?

Let's say I have a web application that uses an ajax httponly cookie to store a login session (token). I wonder if I add my web app to a native client (Android or ios webview), does the cookie protect unreadable anyway? Because I just found out that Android has a CookieManager capable of reading cookies from a webview.

The main problem is that I want to store the user's access token in a cookie or somewhere in the user's browser. I want to make sure that no matter what environment (regular chrome or safari, or in a native webview application) the user stores the user's token, it remains secure and unreadable for XSS or any other hacker attack. Is there a way to do this?

+3
android html5 ios cookies webview


source to share


No one has answered this question yet

Check out similar questions:

4
Save Webview Cookies?
3
JWT + cookie + HTTPS + CSRF
2
Accessing browser cookies from an Android app?
2
Is it possible to create a cookie from a native Android app?
1
Storing cookies and CSRF "remember me"
0
Storing Jwt Token in Cookie with Http and Secure instead of LocalStorage in Javascript
0
Sharing session (cookie) between Android Webviews in two different apps?
0
Android cookie storage and recovery (persistent cookie storage)
0
Security issues: JWT + cookies for SPA
0
Webviews doesn't always store cookies? How do I force this?



All Articles
Loading...
X
Show
Funny
Dev
Pics