While working on an Electron application I realised that the auth token that I store in a cookie isn't stored in the 'Cookie' file in its cache files, which reside at the path specified here in this post: "How to clear the cache data in Electron (atom shell)?".
Since I don't know the internals of how Electron or Chromium work I was hoping someone would help me answer the following questions:
*What I mean by mainWindow is when I open my web application inside a window via Electron code and then allow a user to log in. I need to know where the cookie that is stored after login is stored.
If anyone has any information regarding this do let me know.
Does Electron store the cookies from the "mainWindow"* in the memory or in a file on the hard drive? If it does store it on the hard drive where and in which file exactly? (I need this info to evaluate a security issue)
In Electron, cookies are stored on a per-session basis.
Let's say you're using your `BrowserWindow`'s `WebContents` session to set a cookie like so:

```js
const { app, BrowserWindow } = require('electron')

// Windows and sessions can only be used once the app is ready
app.whenReady().then(async () => {
  const win = new BrowserWindow({ width: 800, height: 600 })
  win.loadURL('http://github.com')

  // Cookies belong to the session attached to the window's WebContents
  const ses = win.webContents.session
  const cookie = { url: 'http://www.github.com', name: 'dummy_name', value: 'dummy' }
  await ses.cookies.set(cookie)
})
```
Your cookies should be available under your user data path, which you can access via the `app.getPath('userData')` API.
Note that the subdirectory depends on which session you're using. For instance, if you're using the `session.fromPartition('persist:your-part-name')` API, you'll need to navigate to the `Partitions/your-part-name` folder.
It would also be nice to know if the cookie stored by electron which uses Chromium is encrypted in some way.
Cookies in Chromium are indeed encrypted (see changelist). Electron uses Chromium's implementation.
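
An added example, not part of the original answer or of Electron's own code: a Node.js audit helper that follows the layout described above (`userData`, `Partitions/<name>`) to list cookie database files and flag any that other local users can read. The `Network/Cookies` location, the SQLite header check and the temp-directory sample profile are assumptions or constructed for illustration.

```javascript
const fs = require('node:fs')
const os = require('node:os')
const path = require('node:path')

const SQLITE_MAGIC = Buffer.from('SQLite format 3\0', 'latin1')

// Candidate cookie DB paths for a session. '' = default session,
// 'persist:x' = Partitions/x, any other partition is in-memory (no file).
function cookieStoreCandidates (userData, partition) {
  let dir = userData
  if (partition) {
    if (!partition.startsWith('persist:')) return []
    dir = path.join(userData, 'Partitions', partition.slice('persist:'.length))
  }
  // Assumption: newer Chromium-based builds may use Network/Cookies instead.
  return [path.join(dir, 'Cookies'), path.join(dir, 'Network', 'Cookies')]
}

// For each candidate that exists, report whether it is a SQLite file and
// whether group/other can read it (POSIX mode bits; Windows uses ACLs).
function auditCookieStores (userData, partitions) {
  const findings = []
  for (const partition of partitions) {
    for (const file of cookieStoreCandidates(userData, partition)) {
      if (!fs.existsSync(file)) continue
      const head = Buffer.alloc(SQLITE_MAGIC.length)
      const fd = fs.openSync(file, 'r')
      fs.readSync(fd, head, 0, head.length, 0)
      fs.closeSync(fd)
      findings.push({ partition: partition || '(default)', file,
        isSqlite: head.equals(SQLITE_MAGIC),
        readableByOthers: (fs.statSync(file).mode & 0o044) !== 0 })
    }
  }
  return findings
}

// Constructed profile layout in a temp directory, so the audit runs offline.
function buildSampleProfile () {
  const root = fs.mkdtempSync(path.join(os.tmpdir(), 'userdata-'))
  const part = path.join(root, 'Partitions', 'your-part-name')
  fs.mkdirSync(part, { recursive: true })
  fs.writeFileSync(path.join(root, 'Cookies'), SQLITE_MAGIC)
  fs.chmodSync(path.join(root, 'Cookies'), 0o600)
  fs.writeFileSync(path.join(part, 'Cookies'), 'not a database')
  fs.chmodSync(path.join(part, 'Cookies'), 0o644)
  return root
}

console.log(auditCookieStores(buildSampleProfile(), ['', 'persist:your-part-name', 'temp']))
```

Against a real installation, pass the value of `app.getPath('userData')` and the partition strings your application actually uses in place of the sample profile.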