I am working on an Android App, Using a SQLIte browser on a rooted device, the application session id cookie is being written in plain text into a SQLite table named COOKIES. I have tried some steps:
- Using Cache-Control no-cache=\"Set-Cookie\".
- Setting the Set-Cookie secure and httpOnly header attributes.
According to many blog entries, Chromium is suppose to encrypt cookies https://codereview.chromium.o... and indeed, I've observed an "encrypted_value" column within the COOKIES table. I read some blogs from few android developer forum related to this but unfortunately, none of the above attempts have succeeded in configuring Android WebView to encrypt stored cookies. Please help me to resolve my query.
