Custom CookieJar and Cookie Storage in OkHttp

Cookie

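Cookies were first designed by Netscape and used in web communication, and were later standardized in RFC 2965.
A cookie typically carries the following information: name, expires, domain, path, secure.

name: the cookie's name.

expires: the expiry time. The value is a date, a point in time, not a duration. In OkHttp you can use this field to build expiry logic on the client, or ignore it and rely on the server to enforce expiry.

domain: the cookie's scope, specifying which domain the cookie will be sent to. By default, domain is set to the domain name of the URL that created the cookie. OkHttp, however, has no cookie mechanism by default, so you have to implement this yourself. A site such as Baidu has many sites of the form name.baidu.com; they share the same top-level domain but have many second-level domains, such as waimai.baidu.com and bzclk.baidu.com. Domain matching usually proceeds from the end of the domain name, and the cookies that match are stored as valid cookies.

path: another option that controls when a cookie is sent. Like domain, the path option requires the specified path to be present in the requested resource URL before the cookie is sent. Matching is usually done by comparing the path value with the request URL character by character from the beginning. For example, Set-Cookie:name=Ghost;path=/ghost requires the URL path to begin with /ghost; /ghost and /ghostinmatrix are both matching URLs.

Note that cookie matching checks domain first and only then path.

secure: this option is just a flag with no value. A cookie marked secure is sent to the server only when the request is made over SSL or HTTPS. Such cookies carry high-value content, which is likely to be tampered with if sent as plain text. In fact, confidential and sensitive data should not be stored in cookies at all, because the cookie mechanism as a whole is insecure.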

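OkHttp's Cookie Support and Call Flow

The OkHttp networking library provides a custom CookieJar mechanism to meet an application's cookie customization needs. The OkHttp source makes two points clear:
1. When no custom CookieJar is set, the default is no cookies;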

public Builder() {
      ...
      cookieJar = CookieJar.NO_COOKIES;
      ...
    }
    

NO_COOKIES is defined as follows. It is a CookieJar implementation whose two overridden methods ignore all cookie handling, i.e. there are no cookies.

CookieJar NO_COOKIES = new CookieJar() {
    @Override public void saveFromResponse(HttpUrl url, List<Cookie> cookies) {
    }

    @Override public List<Cookie> loadForRequest(HttpUrl url) {
      return Collections.emptyList();
    }
};

2. When a custom CookieJar is set,


public class CookieJarImpl implements CookieJar {
    private final OkCookieManager cookieManager;

    public CookieJarImpl(OkCookieManager cookieManager) {
        this.cookieManager = cookieManager;
    }

    @Override
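    public void saveFromResponse(HttpUrl url, List<Cookie> cookies) {
        // Validate the cookies locally and store them as needed
    }

    @Override
    public List<Cookie> loadForRequest(HttpUrl url) {
        // Fetch the required cookies from local storage
        List<Cookie> rst = new ArrayList<>(); // to be filled from cookieManager; empty in this skeleton
        return rst;
    }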
}

While assembling a request, OkHttp loads the locally stored cookies from the CookieJar in the HttpEngine class:

//HttpEngine.class

public void sendRequest() throws RequestException, RouteException, IOException {
    ...
    Request request = networkRequest(userRequest);
    ...
  }


  
private Request networkRequest(Request request) throws IOException {
    Request.Builder result = request.newBuilder();
    ...
    List<Cookie> cookies = client.cookieJar().loadForRequest(request.url());
    if (!cookies.isEmpty()) {
      result.header("Cookie", cookieHeader(cookies));
    }
    ...
    return result.build();
  }

When the response comes back, still in HttpEngine, the saveFromResponse method is used to store the cookies from the server locally.

/**
   * Flushes the remaining request header and body, parses the HTTP response headers and starts
   * reading the HTTP response body if it exists.
   */
  public void readResponse() throws IOException {
    ...
    receiveHeaders(networkResponse.headers());
    ...
  }
  
  /**
   * Reads the cookies from the headers and parses them into objects; if any cookies exist, calls saveFromResponse
   */
  public void receiveHeaders(Headers headers) throws IOException {
    if (client.cookieJar() == CookieJar.NO_COOKIES) return;

    List<Cookie> cookies = Cookie.parseAll(userRequest.url(), headers);
    if (cookies.isEmpty()) return;

    client.cookieJar().saveFromResponse(userRequest.url(), cookies);
  }
  

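The methods above are all simple; what matters is the cookie validation and storage strategy.
First we need a class dedicated to managing cookies, and this class clearly should not be the CookieJar implementation itself, so we design a CookieManager. It needs a two-level cache, in memory and on file: when the app closes, the memory level is cleared, while the cookies in use have been saved to a local file; when the app starts, the cookies are loaded from the local file.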

How to Implement a CookieManager

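Once the cookie attributes and their meaning are understood, the functionality can be implemented around the three main attributes name, domain and path (for a complete implementation, also handle fields such as expires and secure). Whether we are retrieving or sending cookies, matching always starts with domain as the key, so the storage container must include a Map that holds each domain and its multiple cookies. We therefore use nested Maps here: the first-level key is the domain and the second-level key is a cookieToken (which you are free to customize for your own situation).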

public class PersistentCookieStore {


    private static final String COOKIE_PREFS = "Cookies_Prefs";

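    // Customize this for your own business needs: a HashMap works, and other data structures
    // can also be used to store cookies. This example uses a HashMap; the key is the first-level
    // domain and the value is a map of cookies keyed by cookieToken (see getCookieToken below).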
    private final Map<String, ConcurrentHashMap<String, Cookie>> cookies;
    
    
    private final SharedPreferences cookiePrefs;

    public PersistentCookieStore(Context context) {
        cookiePrefs = context.getSharedPreferences(COOKIE_PREFS, 0);
        cookies = new ConcurrentHashMap<String, ConcurrentHashMap<String, Cookie>>();

        // Load the persisted cookies into memory, i.e. into the cookies map
        Map<String, ?> prefsMap = cookiePrefs.getAll();
        for (Map.Entry<String, ?> entry : prefsMap.entrySet()) {
            String[] cookieNames = TextUtils.split((String) entry.getValue(), ",");
            for (String name : cookieNames) {
                String encodedCookie = cookiePrefs.getString(name, null);
                if (encodedCookie != null) {
                    Cookie decodedCookie = decodeCookie(encodedCookie);
                    if (decodedCookie != null) {
                        if (!cookies.containsKey(entry.getKey())) {
                            cookies.put(entry.getKey(), new ConcurrentHashMap<String, Cookie>());
                        }
                        cookies.get(entry.getKey()).put(name, decodedCookie);
                    }
                }
            }
        }
    }


    /**
    * Builds the cookieToken
    */
    protected String getCookieToken(Cookie cookie) {
        return cookie.name() + "@" + cookie.domain();
    }
    
    /**
    * Stores a cookie
    */
    public void add(Cookie cookie) {
        String name = getCookieToken(cookie);
        if (!cookies.containsKey("XX.com")) {
            cookies.put("XX.com", new ConcurrentHashMap<String, Cookie>());
        }
        cookies.get("XX.com").put(name, cookie);

        SharedPreferences.Editor prefsWriter = cookiePrefs.edit();
        if (cookies.containsKey("XX.com")) {
            prefsWriter.putString("XX.com", TextUtils.join(",", cookies.get("XX.com").keySet()));
            prefsWriter.putString(name, encodeCookie(new SerializableHttpCookie(cookie)));
            prefsWriter.apply();
        }
    }

    public void add(HttpUrl url, Cookie cookie) {
        String name = getCookieToken(cookie);

        if (!cookies.containsKey(url.host())) {
            cookies.put(url.host(), new ConcurrentHashMap<String, Cookie>());
        }
        cookies.get(url.host()).put(name, cookie);

        // Persist the cookies locally
        SharedPreferences.Editor prefsWriter = cookiePrefs.edit();
        if (cookies.containsKey(url.host())) {
            prefsWriter.putString(url.host(), TextUtils.join(",", cookies.get(url.host()).keySet()));
            prefsWriter.putString(name, encodeCookie(new SerializableHttpCookie(cookie)));
            prefsWriter.apply();
        }
    }

    public List<Cookie> get(HttpUrl url) {
        ArrayList<Cookie> ret = new ArrayList<Cookie>();
        if (cookies.containsKey(url.host()))
            ret.addAll(cookies.get(url.host()).values());

        return ret;
    }


    public List<Cookie> get() {
        ArrayList<Cookie> ret = new ArrayList<Cookie>();
        if (cookies.containsKey("XX.com"))
            ret.addAll(cookies.get("XX.com").values());
        return ret;
    }


    public boolean removeAll() {
        SharedPreferences.Editor prefsWriter = cookiePrefs.edit();
        prefsWriter.clear();
        prefsWriter.apply();

        cookies.clear();
        return true;
    }

    public boolean remove() {
        if (cookies.containsKey("XX.com")) {
            SharedPreferences.Editor prefsWriter = cookiePrefs.edit();

            for (Cookie cookie : cookies.get("XX.com").values()) {
                String name = getCookieToken(cookie);
                if (cookiePrefs.contains(name)) {
                    prefsWriter.remove(name);
                }
            }
            prefsWriter.remove("XX.com");
            prefsWriter.apply();
            cookies.get("XX.com").clear();
            cookies.remove("XX.com");
            return true;
        } else {
            return false;
        }
    }

    public boolean remove(HttpUrl url, Cookie cookie) {
        String name = getCookieToken(cookie);

        if (cookies.containsKey(url.host()) && cookies.get(url.host()).containsKey(name)) {

            cookies.get(url.host()).remove(name);

            SharedPreferences.Editor prefsWriter = cookiePrefs.edit();
            if (cookiePrefs.contains(name)) {
                prefsWriter.remove(name);
            }
            prefsWriter.putString(url.host(), TextUtils.join(",", cookies.get(url.host()).keySet()));
            prefsWriter.apply();

            return true;
        } else {
            return false;
        }
    }


    /**
     * Serializes a cookie to a string
     *
     * @param cookie the cookie to serialize
     * @return the serialized string
     */
    protected String encodeCookie(SerializableHttpCookie cookie) {
        if (cookie == null)
            return null;
        ByteArrayOutputStream os = new ByteArrayOutputStream();
        try {
            ObjectOutputStream outputStream = new ObjectOutputStream(os);
            outputStream.writeObject(cookie);
        } catch (IOException e) {
//            Log.d(LOG_TAG, "IOException in encodeCookie", e);
            return null;
        }

        return byteArrayToHexString(os.toByteArray());
    }

    /**
     * Deserializes a string into a cookie
     *
     * @param cookieString cookies string
     * @return cookie object
     */
    protected Cookie decodeCookie(String cookieString) {
        byte[] bytes = hexStringToByteArray(cookieString);
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bytes);
        Cookie cookie = null;
        try {
            ObjectInputStream objectInputStream = new ObjectInputStream(byteArrayInputStream);
            cookie = ((SerializableHttpCookie) objectInputStream.readObject()).getCookies();
        } catch (IOException e) {
//            Log.d(LOG_TAG, "IOException in decodeCookie", e);
        } catch (ClassNotFoundException e) {
//            Log.d(LOG_TAG, "ClassNotFoundException in decodeCookie", e);
        }

        return cookie;
    }

    /**
     * Converts a byte array to a hex string
     *
     * @param bytes byte array to be converted
     * @return string containing hex values
     */
    protected String byteArrayToHexString(byte[] bytes) {
        StringBuilder sb = new StringBuilder(bytes.length * 2);
        for (byte element : bytes) {
            int v = element & 0xff;
            if (v < 16) {
                sb.append('0');
            }
            sb.append(Integer.toHexString(v));
        }
        return sb.toString().toUpperCase(Locale.US);
    }

    /**
     * Converts a hex string to a byte array
     *
     * @param hexString string of hex-encoded values
     * @return decoded byte array
     */
    protected byte[] hexStringToByteArray(String hexString) {
        int len = hexString.length();
        byte[] data = new byte[len / 2];
        for (int i = 0; i < len; i += 2) {
            data[i / 2] = (byte) ((Character.digit(hexString.charAt(i), 16) << 4) + Character.digit(hexString.charAt(i + 1), 16));
        }
        return data;
    }
}

Cookie Persistence

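If cookies live only in memory, they all disappear once the app is closed; what we want is for the app to log in automatically and go to the main screen the next time it is opened, which requires persisting cookies at the file level. However, okhttp3.Cookie has an annoying limitation: it does not implement the Serializable interface and cannot be serialized. So we have to implement serialization ourselves: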

public class SerializableHttpCookie implements Serializable {

    private transient final Cookie cookie;
    private transient Cookie clientCookies;

    public SerializableHttpCookie(Cookie cookie) {
        this.cookie = cookie;
    }

    public Cookie getCookies() {
        return clientCookies;
    }

    private void writeObject(ObjectOutputStream out) throws IOException {
        out.writeObject(cookie.name());
        out.writeObject(cookie.value());
        out.writeLong(cookie.expiresAt());
        out.writeObject(cookie.domain());
        out.writeObject(cookie.path());
        out.writeBoolean(cookie.secure());
        out.writeBoolean(cookie.httpOnly());
        out.writeBoolean(cookie.hostOnly());
        out.writeBoolean(cookie.persistent());
    }

    private void readObject(ObjectInputStream in) throws IOException, ClassNotFoundException {
        String name = (String) in.readObject();
        String value = (String) in.readObject();
        long expiresAt = in.readLong();
        String domain = (String) in.readObject();
        String path = (String) in.readObject();
        boolean secure = in.readBoolean();
        boolean httpOnly = in.readBoolean();
        boolean hostOnly = in.readBoolean();
        boolean persistent = in.readBoolean();
        Cookie.Builder builder = new Cookie.Builder();
        builder = builder.name(name);
        builder = builder.value(value);
        builder = builder.expiresAt(expiresAt);
        builder = hostOnly ? builder.hostOnlyDomain(domain) : builder.domain(domain);
        builder = builder.path(path);
        builder = secure ? builder.secure() : builder;
        builder = httpOnly ? builder.httpOnly() : builder;
        clientCookies = builder.build();
    }
}