Android CookieManager setCookie creates multiple cookies

Question

In my android application I have a webview. It loads URLs from multiple domains. I need to delete all cookies from a specific domain. I want to keep cookies from other domains. But I need to delete all cookies from one domain. I'm open to all other solutions that handles my request. (note that domain uses both http and https)

But when I try to use CookieManager.setCookie, all available cookies for that domain didn't deleted. Multiple cookie keys appeear when I try to write to that keys.

I attach my code below. You can find results in comment lines. At the end of story I get this cookie. Note for multiple values:

"userid=12%34; token=12ased; remember_check=0; userid='-1'; token='-1'; remember_check='-1';"

My helper function that splits cookie string to get cookie keys:

public static Vector<String> getCookieAllKeysByCookieString(String pCookies) {
    if (TextUtils.isEmpty(pCookies)) {
        return null;
    }
    String[] cookieField = pCookies.split(";");
    int len = cookieField.length;
    for (int i = 0; i < len; i++) {
        cookieField[i] = cookieField[i].trim();
    }
    Vector<String> allCookieField = new Vector<String>();
    for (int i = 0; i < len; i++) {
        if (TextUtils.isEmpty(cookieField[i])) {
            continue;
        }
        if (!cookieField[i].contains("=")) {
            continue;
        }
        String[] singleCookieField = cookieField[i].split("=");
        allCookieField.add(singleCookieField[0]);
    }
    if (allCookieField.isEmpty()) {
        return null;
    }
    return allCookieField;
}

I get present cookies:

// I take cookie string for specific URL
mCookieManager = CookieManager.getInstance();
String url2="https://mysite.com";
String cookieString = mCookieManager.getCookie(url2);
Toast.makeText(mContext, "cookie string:\n"+cookieString, Toast.LENGTH_SHORT).show();
// result is: userid=12%34; token=12ased; remember_check=0;

Then I call to replace old cookies.

Vector<String> cookie = CookieUtil.getCookieAllKeysByCookieString(cookieString);
if (cookie == null || cookie.isEmpty()) {
    Toast.makeText(mContext, "cookie null", Toast.LENGTH_SHORT).show();
}
if (cookie != null) {
    int len = cookie.size();
    Toast.makeText(mContext, "cookie number: "+len, Toast.LENGTH_SHORT).show();
    // result is, cookie number: 3
    String cookieNames="";
    for (int i = 0; i < len; i++) {
        cookieNames += "\n"+cookie.get(i) ;
        mCookieManager.setCookie(url2, cookie.get(i) + "='-1';");
    }
    Toast.makeText(mContext, "cookieNames:\n"+cookieNames, Toast.LENGTH_SHORT).show();
    // result is: "cookienames: userid token remember_check"

    mCookieSyncManager.sync();

    cookieString = mCookieManager.getCookie(url2);
    Toast.makeText(mContext, "cookie string:\n"+cookieString, Toast.LENGTH_SHORT).show();
    mCookieSyncManager.sync();
    // result is: "userid=12%34; token=12ased; remember_check=0; userid='-1'; token='-1'; remember_check='-1';"
}

Edit:
I also tried setCookie like this:

mCookieManager.setCookie(url2, cookie.get(i) + "=-1;");
mCookieManager.setCookie(url2, cookie.get(i) + "=-1");

Edit2: setCookie's signature is like this:

 /**
 * Sets a cookie for the given URL. Any existing cookie with the same host,
 * path and name will be replaced with the new cookie. The cookie being set
 * must not have expired and must not be a session cookie, otherwise it
 * will be ignored.
 *
 * @param url the URL for which the cookie is set
 * @param value the cookie as a string, using the format of the 'Set-Cookie'
 *              HTTP response header
 */
public void setCookie(String url, String value) {
    throw new MustOverrideException();
}

Although I get same keys inside cookie string ("userid=12%34; token=12ased; remember_check=0; userid='-1'; token='-1'; remember_check='-1';") will they have different host or path ?

Answer 1

I've had a similar experience with the CookieManager in Android. Setting the same cookie will indeed add it as a new cookie.

Please try to implement this solution. It will enable you to flush the cookies you want to remove and then you'll be able to set the again as you desire.

Good luck!

Answer 2

1. First, we can delete the cookie via CookieManager's interfaces:

    setCookie(URL, 'COOKIE_KEY=;');
   

2. Then, we need to find out the correct URL, considering both Domain and Path attributes of the cookie.

   For example, the following cookie

    document.cookie = 'COOKIE_NAME=COOKIE_VAL; path=/; domain=.example.com;'
   

   can be deleted by

    setCookie('.example.com', 'COOKIE_NAME=;')
   

   and cannot be deleted by

    setCookie('www.example.com/info.html', 'COOKIE_NAME=;')
   

3. Finally, here is an example to remove a cookie.

    String[] kvPairs = CookieManager.getInstance().getCookie(url).split(" ");           
    for (String kvPair : kvPairs) {
        String newPair = kvPair.replaceAll("=.*", "=;");
        // Delete the cookie asynchronously.
        CookieManager.getInstance().setCookie(url, newPair);
    }