Cookie Jar Encryption with Chromium


#1

Hello,

I have a project currently using electron 0.34.1.

In this project, there is a section of code does something like this:

var authWindow = new BrowserWindow({ ... }); authWindow.loadUrl(url);

The window loads a page prompting user for sign-in. The page is controlled by a third party, so we cannot do anything to alter its behavior.

The sign-in page writes a few cookies if the sign-in was successful.

Problem:

The cookies written by the sign-in page is saved in the Cookies file, a SQLite database, with all of their values in plain text. When using tools like DB Browser for SQLite to inspect the file, it looks like this:

Notice all values are stored in the ‘value’ column.

Question:

Is there a way to make Chromium in electron to store all cookie values encrypted, just the same as what the Chrome browser does? If yes, how?

Chrome stores cookie values encrypted in the ‘encrypted_value’ column.

Thanks! :slight_smile:


#2

Cookie encryption is tracked in https://github.com/electron/electron/issues/7073