Closed jesmrec closed 8 months ago
Currently the application stores cookies in memory, during the execution of the application, but does not provide persistent cookie storage between application sessions. This means that when the app is closed and reopened new cookies are generated.
The contents of the cookies are stored in the `cookieStore` variable. This variable is passed as a parameter to the `CookieJarImpl`. The `CookieJarImpl.kt` class is where the methods in charge of cookie management are located, specifically, where the getter and setter of the cookies are located.
This class in turn is assigned to the `CookieJar` interface in `HttpClient`.
```java
final CookieJar cookieJar = new CookieJarImpl(mCookieStore);
```
To give more details of `CookieJar`, according to the documentation itself: This interface is responsible for selecting which cookies to accept and which to reject. A reasonable policy is to reject all cookies, though that may interfere with session-based authentication schemes that require cookies.
After this, CookieJar is sent in the httpClient request, which is called every time the app is closed and opened.
```java
mOkHttpClient = buildNewOkHttpClient(sslSocketFactory, trustManager, cookieJar);
```
To check that the cookies are working correctly the following test has been done. From an OC10 account we opened and closed the app. We went to the website and changed the account password. We opened the app and as a result we received an "Authentication Fail" message with a 401 error.
After checking the current status, these are the results:
When the app is closed and reopened, an auth error is shown in the snackbar if the password changed, as stated above :point_up:
If the app is not closed and the password changes, there is a time slot in which requests are valid (probably supported by the cookie), but it finally ends in an auth error that is displayed in the snackbar, as in the previous test.
So, we are at the point to get rid of the key icon.
EPIC:
To do (basic auth):
With these steps, we will avoid cookies supporting the session even though the credentials have changed or are not valid anymore.
This is the preliminary step to implement:
so, the key icon could be removed from there because new credentials will be automatically asked for if needed.
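The behaviour discussed in this issue (cookies held only in memory, and a session cookie that keeps requests valid for a while after the password changes) can be illustrated with the following added example. It is not the app's `CookieJarImpl` or any code from the project; `InMemoryCookieJar`, `clearFor` and `ClearCookiesOn401` are hypothetical names, and dropping cookies on a 401 is an assumed mitigation, written against the OkHttp 4 API.

```kotlin
import okhttp3.Cookie
import okhttp3.CookieJar
import okhttp3.HttpUrl
import okhttp3.Interceptor
import okhttp3.Response
import java.util.concurrent.ConcurrentHashMap

// Hypothetical class: cookies live only in this map, so they are lost when
// the process ends (no persistence between application sessions).
class InMemoryCookieJar : CookieJar {
    // request host -> (cookie identity -> cookie); keyed by host for simplicity
    private val store = ConcurrentHashMap<String, ConcurrentHashMap<String, Cookie>>()

    private fun key(c: Cookie) = "${c.name}|${c.domain}|${c.path}"

    override fun saveFromResponse(url: HttpUrl, cookies: List<Cookie>) {
        val perHost = store.getOrPut(url.host) { ConcurrentHashMap() }
        val now = System.currentTimeMillis()
        for (c in cookies) {
            // A server deletes a cookie by re-sending it already expired.
            if (c.expiresAt < now) perHost.remove(key(c)) else perHost[key(c)] = c
        }
    }

    override fun loadForRequest(url: HttpUrl): List<Cookie> {
        val perHost = store[url.host] ?: return emptyList()
        val now = System.currentTimeMillis()
        perHost.values.removeAll { it.expiresAt < now }  // drop expired entries
        return perHost.values.filter { it.matches(url) } // domain, path, secure
    }

    // Forget every cookie for a host, e.g. when its stored credentials change.
    fun clearFor(host: String) {
        store.remove(host)
    }
}

// Assumed mitigation: once the server answers 401, discard that host's cookies
// so a stale session cookie cannot keep later requests authenticated.
class ClearCookiesOn401(private val jar: InMemoryCookieJar) : Interceptor {
    override fun intercept(chain: Interceptor.Chain): Response {
        val response = chain.proceed(chain.request())
        if (response.code == 401) jar.clearFor(chain.request().url.host)
        return response
    }
}
```

Both objects are attached to the same client with `OkHttpClient.Builder().cookieJar(jar).addInterceptor(ClearCookiesOn401(jar))`.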