It is often required to accept cookies and send cookies along with requests, for different reasons. A common use case where this could be required is signed token URLs. When the first DASH or HLS manifest is requested, the server send a `
Set-Cookie` HTTP response header, which the client should accept. On every subsequent request, like manifest updates or segment requests on the same domain, it should send the provided cookie back to the server to authenticate and get access to the requested files.
While this may work out of the box on some platforms, it does not on others. This tutorial will go through the required setup for the different Bitmovin Player SDKs.
Web SDK Version: 8.0.0 or higher
Android SDK Version: 3.0.0 or higher
iOS SDK Version: 3.0.0 or higher
Roku SDK Version: 1.34.0 or higher
Chromecast Receiver using CAF: Custom handling in the receiver, as demonstrated in <https://github.com/bitmovin/bitmovin-player-caf-receiver>
On web browsers, it’s the default behavior to accept cookies from servers via the `
Set-Cookie` HTTP header, and it is used on the following requests. There is no need for any configuration.
However, in order to allow cookies to be sent also in cross-site requests, you will need to explicitly allow this for security reasons as shown below. The `
XMLHttpRequest.withCredentials`, please refer to [XMLHttpRequest.withCredentials on MDN](🔗) for full details about this flag.
In the player’s `
source` object, you can specify an additional `
options` object which can take an optional [withCredentials](🔗) property to enable cross-origin cookie handling.
Due to limitations from Apple, Safari requires a slightly more complex setup to get cookies to work properly. To enable the full functionality, it is required to set up a [Service Worker](🔗). Please refer to our Github sample on how to set this up: <https://github.com/bitmovin/bitmovin-player-web-samples/tree/main/serviceworker>
## Android, Android TV and Amazon FireTV
The expected cookie handling is not working per default on Android platforms. This requirement can be solved easily though by setting a default Cookie Manager at the application level. The following code should go in the main activity:
It first creates a new instance of the `
CookieManager`, which is a default Android class (API level 9+). We set a `
CookiePolicy` on that instance using the `
setCookiePolicy` method, in the example above we use the value `
ACCEPT_ORIGINAL_SERVER` (see <https://developer.android.com/reference/java/net/CookiePolicy> for details and other options). Finally, we’re setting our instance as the `
CookieHandler`'s default (`
setDefault` method). This should be done at the beginning of an HTTP session.
With this, you are all set. However, Android offers more customizations if needed, see <https://developer.android.com/reference/java/net/CookieManager> for more details and options.
## iOS and tvOS
On iOS and tvOS, AVFoundation already handles most of the cookies. To leverage that, you will have to change a particular player configuration setting:
First, we create a `
PlayerConfig` as usual (line 1). Then a TweaksConfig is created (line 3) and the [isCustomHlsLoadingEnabled](🔗) property of it is set to `
false` (line 3). This is the important part as it disables the manifest loading done by the Bitmovin Player SDK and offloads this task to AVFoundation instead. Finally, the created `
TweaksConfig` is added to the `
PlayerConfig` (line 4). Once this is done, `
Set-Cookie` HTTP headers are accepted and applied to the following request like manifest updates or segment downloads as expected.
This approach comes with downsides as some features and events are not supported in this mode. This includes, but is not limited to:
MetadataEvent`s carrying segment-specific metadata for custom HLS tags, like `
MetadataParsedEvent`s carrying segment-specific metadata for custom HLS tags, like `
DrmDataParsedEvent`s when a `
#EXT-X-KEY` is found
Player.availableVideoQualities` is missing some information
DownloadFinishedEvent`s for playlist downloads
SourceWarningEvent`s when no `
#EXT-X-PLAYLIST-TYPE` is found
This is supported out of the box in the Bitmovin Player Roku SDK starting with [version 1.34.0](🔗), without any further settings.
## Chromecast (CAF)
CAF (Chromecast Application Framework) receiver apps do not use the Bitmovin Player as Google does not allow third-party players.
CAF allows to customise requests before they are issued. This enables you to set the `
withCredentials` flag in the [manifestRequestHandler](🔗), [segmentRequestHandler](🔗) or the [captionRequestHandler](🔗) according to your needs.
[Bitmovin’s sample CAF receiver](🔗) already includes such code and transfers the settings from the CAF sender player SDKs to the receiver.