Closed ehxxxxxxxxxxxxxxxxxxxxxxx closed 9 months ago
Any device running a semi-modern chrome webview (v90+) while targeting API 31+ will use a more restrictive cookie policy by default where it will block any cookie that isn't on the "SameSite" which would apply to any webview app that isn't loading the document from the server itself.
The server must set the SameSite policy SameSite
policy to none; Secure
to allow cross origin cookies. Secure
is required because the user agent will refuse cross origin cookies unless if the connection is on a secure context (e.g. https). More information can be found here: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie#samesitesamesite-value
Related: https://github.com/apache/cordova-android/issues/1187#issuecomment-1129556930
Closing because this isn't a bug with the Cordova Framework that we can take action on.
hi @breautek we have set the frontend scheme http, hostname localhost in the preference element and the backend SameSite policy to none; Secure. but it still doesn't work,the second request has no cookie. The DevTools shown as below:
first request:
second request:
Even if we change the backend to https it doesn't work
Hi, Recently we upgraded the cordova android to 12 due to the requirement of goole play. We found that the request sent by the app does not have cookie, and server will renew the sessionid for each request. The backend server is jetty server. I've tried almost everything, including the previous reply to someone else, but it still doesn't work. Someone asked this question before, but in the end he chose other authentication methods. Is there any other way to solve this problem? Thanks!