I'm writing a Cordova app and I would like to access its HTTP secure cookie from a plugin. I want to encrypt / disable it until the user enters a valid pin.
All help is greatly appreciated. Thank you.
Asked
Active
Viewed 389 times
1 Answers
0
The way I would do it would be to enable/disable the cookies for the entire application:
CookieManager mCookieManager = CookieManager.getInstance();
CookieSyncManager.createInstance(this);
mCookieManager.setAcceptCookie(false); //disables cookies for the WebView until the user enters a correct pin
if(getUsersPin()) { //getUsersPin() gets the pin from the user
mCookieManager.setAcceptCookie(true);
}
anthonycr
- 4,146
- 1
- 28
- 35
-
If an attacker acquires the device, the cookie would be sitting there, on disk. This is the vector I'm trying to block. The app is protecting critical info. – returneax Mar 07 '14 at 01:23
-
The cookies are secured in app data so unless the device is rooted, there is no way for the person acquiring the device to access them. What it seems you're asking for is to encrypt the cookies database itself, which I don't know how to do, but if you already have an encryption method made, just encrypt the .db file holding the cookies. It's located in the /data folder of your app. – anthonycr Mar 07 '14 at 14:07
-
@returneax refer to this question http://stackoverflow.com/questions/4275311/how-to-encrypt-and-decrypt-file-in-android in order to encrypt/decrypt the cookie file. – anthonycr Mar 07 '14 at 15:41