Implement Android's removeSessionCookies method #145
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
Bump, I'd like to get this PR merged in if possible. Let me know if there's any concerns. |
safaiyeh
reviewed
Apr 16, 2022
Comment on lines
+106
to
+117
| public void removeSessionCookies(Promise promise) { | ||
| try { | ||
| getCookieManager().removeSessionCookies(new ValueCallback<Boolean>() { | ||
| @Override | ||
| public void onReceiveValue(Boolean data) { | ||
| promise.resolve(data); | ||
| } | ||
| }); | ||
| } catch (Exception e) { | ||
| promise.reject(e); | ||
| } | ||
| } |
There was a problem hiding this comment.
From what I've seen so far, we didn't have to do a flush or sync or anything else to get fetch or a webview to get rid of these session cookies. We've just been using this call and the next fetch we do results in the session cookies no longer being there.
safaiyeh
pushed a commit
that referenced
this pull request
Apr 18, 2022
# [6.2.0](v6.1.0...v6.2.0) (2022-04-18) ### Features * **Android:** Implement Android's removeSessionCookies method ([#145](#145)) ([b459739](b459739))
|
🎉 This PR is included in version 6.2.0 🎉 The release is available on: Your semantic-release bot 📦🚀 |
|
Awesome, thanks! |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
I'm submitting a PR to implement the Android CookieManager removeSessionCookies method. Docs on what this does exactly are at the Android CookieManager documentation. As a quick description, this lets developers remove all cookies that are session cookies. These are cookies with no Expires attribute.
We use Rails with the Devise gem to handle authentication. Rails sets a session cookie with no Expires attribute and a remember user cookie with a desired expiry. Currently, the session cookie will never be removed as per how Android operates so the remember period is effectively ignored on Android. So implementing this method will give RN developers a way of controlling whether they want to clear these out. As an example, we call this prior to checking with an API call if the user is still logged in during the startup of the app.
Type of change
How Has This Been Tested?
I have used MITMProxy with an Android API 30 emulator and a API 28 LG G6 phone to verify that session cookies can be removed prior to performing a
fetchcall in RN and it removes the session cookies from the next call correctly. This should also work for Android webviews as well.