Android WebView Cookie Solution


Some users on Android devices have experienced an inability to redirect back to the merchant’s page following completion of authentication within the issuer’s screens.

NOTE: Use of WebView’s for iFrame loading and Step Up redirection is not officially supported; however, to remedy this issue, please review the following document.


When local storage is unavailable on a device, the Cardinal Cruise JavaScript may use cookies to proceed with a transaction flow in fail-safe scenarios. By default, use of Third Party Cookies is disabled within an Android WebView.

When the HTML is loaded within the WebView using an iFrame, in API Level 21 or higher, and additional step is required to allow requests out from the iFrame.










Left: example of the consumer experience when this issue occurs.


In order to use a WebView within Android, you will need to allow Third Party cookies. This can be achieved by setting setAcceptThirdPartyCookies to true.

CookieManager cookieManager = CookieManager.getInstance(); cookieManager.setAcceptThirdPartyCookies(webView, true);

Affected Versions:

  • Android 4.4 KitKat and above