List icon Contents

Cookies

This document describes how to work with cookies.

Overview

JxBrowser delegates the work with cookies to the Chromium engine. Chromium decides how to download cookies from a web server, extract them from the HTTP headers and store them in the User Data directory (persistent cookies) or in the memory (session cookies).

The CookieStore class allows you to get, modify, and remove cookies. The Cookie class provides information on a particular cookie.

To obtain the CookieStore for a specific Profile please use the Profile.cookieStore() method. The Engine.cookieStore() method returns the CookieStore associated with the default profile.

To access cookie store use the following way:

Java
Kotlin

CookieStore cookieStore = profile.cookieStore();

val cookieStore = profile.cookieStore()

Supported protocols

JxBrowser supports cookies that are sent using the following protocols:

  • HTTP
  • HTTPS
  • WS (WebSocket)
  • WSS (Secured WebSocket)

If a cookie is sent using a protocol that is not on the list, e.g. ftp://, it will not be stored in the cookie storage.

Working with cookies

JxBrowser supports the following kinds of cookies:

  • Persistent cookies — these are stored in the Chromium user data directory. If you delete the Chromium user data directory, all the persistent cookies will be removed.
  • Session cookies — these are stored in the application memory. These cookies will be removed automatically when the application is terminated.
  • Secure cookies — these can only be transmitted over an encrypted connection, i.e. HTTPS. This makes the cookie less likely to be exposed to cookie theft via eavesdropping.
  • HttpOnly cookies — these cannot be accessed by the client-side APIs, such as JavaScript. This restriction eliminates the threat of cookie theft via cross-site scripting (XSS). However, the cookie remains vulnerable to cross-site tracing (XST) and cross-site request forgery (XSRF) attacks.

When you modify cookies please use the CookieStore.persist() method to save the changes.

Getting cookies

To get all cookies, please use the cookies() method:

Java
Kotlin

cookieStore.cookies().forEach(cookie ->
        System.out.println("cookie = " + cookie));

cookieStore.cookies().forEach { println("cookie = $it") }

To get all cookies by a URL, please use the cookies() method that accepts a string:

Java
Kotlin

cookieStore.cookies("https://www.google.com").forEach(cookie ->
        System.out.println("cookie = " + cookie));

cookieStore.cookies("https://www.google.com").forEach { println("cookie = $it") }

Creating cookies

Persistent

To create a persistent cookie with an expiration time use the following code:

Java
Kotlin

cookieStore.set(Cookie.newBuilder(".google.com")
        .creationTime(creationTime)
        .expirationTime(expirationTime)
        .name("name")
        .value("value")
        .path("/")
        .build());
cookieStore.persist();

cookieStore.set(Cookie.newBuilder(".google.com")
    .creationTime(creationTime)
    .expirationTime(expirationTime)
    .name("name")
    .value("value")
    .path("/")
    .build())
cookieStore.persist()

Session

To create a session cookie use the following code:

Java
Kotlin

cookieStore.set(Cookie.newBuilder(".google.com")
        .name("name")
        .value("value")
        .path("/")
        .build());
cookieStore.persist();

cookieStore.set(Cookie.newBuilder(".google.com")
    .name("name")
    .value("value")
    .path("/")
    .build())
cookieStore.persist()

Deleting cookies

To delete all cookies use the deleteAll() method:

Java
Kotlin

int numberOfDeletedCookies = cookieStore.deleteAll();
cookieStore.persist();

val numberOfDeletedCookies = cookieStore.deleteAll()
cookieStore.persist()

To delete one cookie, please use the delete(Cookie). The following code deletes all cookies one by one:

Java
Kotlin

cookieStore.cookies().forEach(cookieStore::delete);
cookieStore.persist();

cookieStore.cookies().forEach(cookieStore::delete)
cookieStore.persist()

Suppressing cookies

You can control all incoming and outgoing cookies using the CanSetCookieCallback and CanGetCookiesCallback callbacks of the Network.

To suppress the incoming cookies use the following code:

Java
Kotlin

network.set(CanSetCookieCallback.class, params -> CanSetCookieCallback.Response.cannot());

network.set(CanSetCookieCallback::class.java, CanSetCookieCallback { CanSetCookieCallback.Response.cannot() })

To suppress the outgoing cookies use the following code:

Java
Kotlin

network.set(CanGetCookiesCallback.class, params -> CanGetCookiesCallback.Response.cannot());

network.set(CanGetCookiesCallback::class.java, CanGetCookiesCallback { CanGetCookiesCallback.Response.cannot() })

Encryption

JxBrowser supports the cookie encryption by default. It uses the Chromium cookies encryption routines, so the cookies are stored exactly as in Chromium.

Linux

On Linux JxBrowser uses GNOME Keyring or KWallet to encrypt cookies. The library automatically chooses which store to use. You can manually specify which store to use via an appropriate option when constructing the Engine. For example:

Java
Kotlin

Engine engine = Engine.newInstance(EngineOptions.newBuilder(renderingMode)
        .passwordStore(PasswordStore.GNOME_KEYRING)
        .build());

val engine = Engine.newInstance(EngineOptions.newBuilder(renderingMode)
    .passwordStore(PasswordStore.GNOME_KEYRING)
    .build())

Windows

On Windows JxBrowser uses only DPAPI to encrypt cookies. There are no alternatives at the moment.

macOS

On macOS JxBrowser uses the private key stored with the Keychain Application to encrypt cookies with AES encryption.

Partitioned state

JxBrowser supports cookies with partitioned state. Partitioned cookies are Secure cookies with the Partitioned attribute that can be set in another embedded Frame context:

Java
Kotlin

Cookie cookie = cookieStore.cookies().get(0);
cookie.partitionKey().ifPresent(partitionKey -> {
    String topLevelSite = partitionKey.site();
    boolean thirdParty = partitionKey.isThirdParty();
});

val cookie = cookieStore.cookies()[0]
cookie.partitionKey().ifPresent { partitionKey ->
    val topLevelSite = partitionKey.site()
    val thirdParty = partitionKey.isThirdParty
}

Unlike regular third-party cookies, partitioned cookies can’t track users and join their information from across many unrelated top-level sites.