Unity Webrequest Cookie Header not being properly set

Unity Engine
,
1

Hi, I’m having an issue with Unity.Webrequest, my code works fine in the editor, but it doesn’t when I build to Android.

My code logs in a user using a name and password and then gets a value from the server that it has to remember in order to identify itself the next times it serves or requests data. Getting this value works fine, but sending it back is failing on Android, while it works fine in the editor.

string sessionCookie

public IEnumerator LoginUser () {
        WWWForm loginForm = new WWWForm ();

        loginForm.AddField("data[User][email]", "name");
        loginForm.AddField("data[User][password]", "pass");

        UnityWebRequest www = UnityWebRequest.Post ("http://192.168.1.2/api/login/", loginForm);

        www.SetRequestHeader ("X-Requested-With", "XMLHttpRequest");

        yield return www.SendWebRequest ();

        if (www.isNetworkError || www.isHttpError) {
            Debug.Log (www.error);
        } else {
            string s = www.GetResponseHeader ("set-cookie");
            sessionCookie = s.Substring (s.LastIndexOf ("sessionID")).Split (';') [0];
        }
    }


public IEnumerator GetUserInfo () {
        WWWForm form = new WWWForm ();
        UnityWebRequest www = UnityWebRequest.Post ("http://192.168.1.2/api/getUserInfo/", form);

        www.SetRequestHeader ("X-Requested-With", "XMLHttpRequest");
        www.SetRequestHeader ("Cookie", sessionCookie);

        yield return www.SendWebRequest ();

        if (www.isNetworkError || www.isHttpError) {
            Debug.Log (www.error);
        } else {
            Debug.Log ("WebRequest succeeded");
            Debug.Log (www.downloadHandler.text);
        }
    }

I felt like my problem was very similar to this one right here, since I know through debug logging that my sessionCookie has the correct value.

So I upgraded to Unity 2018.1.1f. Could this have been a version too far?

Or am I missing something important that is vital to making this work on Android? Any advice is much appreciated!

1 Like
2

I don’t see anything wrong with this code.
So though debug logging you see that the cookie is correct on Android?
Have tried to setup some proxy to monitor network traffic?

3

I have checked to see what exactly the server receives and apparently, when doing the request two sessionID’s are sent. (separated by a comma!).

It appears that Android automatically appends the cookie header to the outgoing request resulting in a cookie header with two sessionID’s.

I tried this, to assert that the Header would only be set if it wasn’t already.

Debug.Log(www.GetRequestHeader("Cookie"));
        if ( www.GetRequestHeader("Cookie") == null )
            www.SetRequestHeader ("Cookie", sessionCookie);

        Debug.Log(www.GetRequestHeader("Cookie"));

But this doesn’t work. The debug shows that the header is null before I add my own cookie header, and it logs as it should be after I set it.
I think this means that Android appends it’s own header after Unity did what it is supposed to.

For now I made it work by simply commenting out the line where I set the cookie, meaning that I now have code that depends on Android taking care of this automatically.
I am still a bit worried though that this won’t happen the same way on all current and future versions of Android, so if there is a way that assures my header is set properly and only once, I am still interested in a better solution.

4

On Android there is a CookieManager in UnityWebRequest so it is expected for cookies to be sent automatically. There is no such thing in Editor for now. We are working on this to make it more consistent across platforms, but that’s quite the future now.

5

I see, and there is no way to turn this CookieManager off or edit it? Or is it generally dependable?

I have it set up like this now:

#if !UNITY_ANDROID
www.SetRequestHeader ("Cookie", APISessionCookie);
#endif
6

hallo everyone, i am trying to ger API, and try to set the header, but the header does not setup correctly, i don’t know why.

UnityEngine.Networking.UnityWebRequest request = UnityEngine.Networking.UnityWebRequest.Get(url);
                request.SetRequestHeader("id", "abcdlksjdpa");
                request.downloadHandler = new UnityEngine.Networking.DownloadHandlerBuffer();
                yield return request.SendWebRequest();
7

Not setup correctly as in not set at all? How did you check that?

8

hi @Aurimas-Cernius , with our api, the header, if not setup correctly we will get error response in json. The error is not about isNetworkError or isHttpError. Actually I have checked using postman app, and it is working well. Then we try in unity, it still get error. I don’t know why. I assume when i call setrequestheader need another way. if you have advice to solve myproblem, it would be great, thanks

9

oh yaaa, i forgot something, when i call setrequestheader like mycode before and when i dont call setrequestheader in my code, both of them show the same error response in json.

10

Use HTTP proxy like Fiddler to inspect the traffic. Sounds like your issue is elsewhere.

11

I don’t know if it late to continue this discussion or not but i ran to same problem 2 day ago just in android devices , I get unauthorized access , my code works fine in IOS and editor , I install an emulator and monitor the traffic with wireshark and figure out that just first time you want to call a web service an automated cookie is set by device so you have 2 cookies in your request . but as soon as you kill your app or quit it it wont set cookie automatically and everything works fine afterward , now the hard part is how to recognize if user close the app one or not ,to set a flag
is there any way to know what headers is in a request ?

12

Are you setting cookie yourself in request header? Because they are also managed automatically by the system.

13

Thank for the replay
First of all I am using unity2018.2
and yes I am setting cookie by my self and i dont think in this version they are set automatically except the first call from android deceives
my code work fine in IOS and Editor but fist call from android devices will send 2 cookies and get access denied from server but if i kill the app and run it again everything works fine

14

2018.2 does have a cookie handler, so cookies do persist within same session for sure. We do set CookieManager object to handle cookies, if none is set.
We only do set it if it’s not set yet and only once, so if you set it yourself to something that does nothing, you should be fine.
Our code for cookies is as simple as:

if (CookieHandler.getDefault() == null)
    CookieHandler.setDefault(new CookieManager());
15

CookieHandler seems not working in my code ???

4642150--435709--cookie.jpg

16

That is Java code. If you want to call it from your script, you have to use AndroidJavaClass and it’s companions or write pure Java code and invoke that.

17

So if we want to store cookie and use it for a future session, is there not a way to do this on Android?

18

Sure you can. But you have to check first if you need to - in a single app instance cookies are managed automatically. To make them work across the session, you may need to implement it yourself. Note, that on some platforms they do work across the sessions too, but that’s platform dependent. Not so on Android.