I am learning to store cookies in Android and came across several ways of implementing it. One of them being the use of CookieManager and CookieStore.
As I was going through Android docs, I came across the following statement:
To establish and maintain a potentially long-lived session between client and server, HttpURLConnection includes an extensible cookie manager. Enable VM-wide cookie management using CookieHandler and CookieManager:
CookieManager cookieManager = new CookieManager();
CookieHandler.setDefault(cookieManager);
I don't understand the meaning of VM-wide cookie management. I know that VM means Virtual Machine.
My Interpretations:
One way I interpreted it is, creating a CookieManagerand passing it to setDefault() makes it available throughout the application. Hence, I tried the following to test it.
URL url = new URL("http://something.com");
URI uri=new URI("http://something.com");
urlConnection = (HttpURLConnection) url.openConnection();
cks=urlConnection.getHeaderField("Set-Cookie");
//cks is a String
cookieManager=new CookieManager();
CookieHandler.setDefault(cookieManager);
HttpCookie hc=new HttpCookie("Cookie1",cks);
cookieManager.getCookieStore().add(uri,hc);
cks1=cookieManager.getCookieStore().getCookies().get(0).getValue();
//cks1 is another String
I set cks and cks1 to TextViews and it printed cookie content/value as expected. Based on my interpretation, I tried cookieManager.getCookieStore().getCookies().get(0).getValue(); in another activity but it didn't recognise the object which means it is out of scope and not accessible. Also, created a new CookieManager and tried to get the cookies but it returned null. So, I assume this interpretation of VM-wide being accessible across activities is incorrect.
Second Interpretation was Cookies will be automatically stored when CookieManager is set up. I got it from a solution to another question on SO: Cookie management with Java URLConnection
One of the statements in the solution that suggested so:
When HttpURLConnection receives a cookie from the server the CookieManager will receive the cookie and store it. Future requests to the same server will automatically send the previously set cookies.
I removed cookieManager.getCookieStore().add(uri,hc); to test it and discovered that cookies are not stored automatically. So, that interpretation fails too.
Most of the solutions to storing cookies for later use suggests using SharedPreferences. The thing that haunts me is all of them stores cookies in CookieManager initially and later moves it to SharedPreferences. Why not use SharedPreferences directly?
For example:
URL url = new URL("http://something.com");
urlConnection = (HttpURLConnection) url.openConnection();
cks=urlConnection.getHeaderField("Set-Cookie");
SharedPreferences pref = getApplicationContext().getSharedPreferences("MyPref", MODE_PRIVATE);
Editor editor = pref.edit();
editor.putString("cookie_name", cks); // Saving cookie
editor.commit();
So what is the point of using CookieManager and then moving it to SharedPreferences?
More details on Android's cookie management framework can be found in this doc, but in short, you only need to setDefault() once. In subsequent calls you can use CookieHandler.getDefault() and you supply the cookies to the sessions as demonstrated in this answer
Using the default implementations you'll only be able to access cookies from your own application.
In simplest terms an Android VM is the layer that translates your application bytecode into machine code and it is one VM per application - so VM-Wide means Application scoped.
SharedPrefs can be used to persist cookies between sessions, although this should be rarely useful (just my opinion)