express-session not saving cookies because of Safari cross-site tracking - iPhone

I deployed an app to both Netlify (frontend) and Heroku (backend) and it works fine on a laptop. But if I try to access it on my iPhone, it does not store the intended cookies. If I switch off 'cross-site tracking' in my Safari settings, I can then store the cookies. Is there any way around this? Thank you.

Related

Transfer cookies to another device on Chrome

I am trying to move the login session of Facebook from one device to another device. Both devices use the Chrome browser. I tried using a cookie extension to export the cookies and then import the cookies on another device. The cookies in the logged-in device are:
In the destination device, after importing the cookie, when I open Facebook.com it asks for credentials as usual. Also, it replaces a few cookies and removes some (like presence).
My question is, is there anything Facebook uses to stop transferring cookie sessions? How does FB detect that it's a different device?
It's for learning purposes, to figure out the attacks and defenses in the cookie system.
I was able to get it to work by just creating c_user and xs cookies manually and copying the values in the other browser. I think I was doing something wrong while exporting or importing the whole cookie set.

UIWebView using Mobile Safari cache data/cookies ... is this possible?

I have an application that may access authenticated content. I know that the web view can't handle authentication, so I do some NSConnection magic to make it work (something similar to this).
The thing is that there is some content that can be accessed using this web view, but there is some other content that, even after a successful authentication, the web view is not able to load.
BUT... if I enter the same URL in Mobile Safari, enter the needed credentials and then go back to my app, the web view seems to load the content fine.
I tried reviewing the cookies before and after the auth in Safari is done using this code:
[[NSHTTPCookieStorage sharedHTTPCookieStorage] cookies];
and the cookies are the same.
As far as I understand that code will retrieve the cookies my app generates and not the ones available in iOS, so apparently this is not the way to look for a hint...
Any ideas?
Recently, I've looked for the same question over the internet, and the answer is "no" =(.
Objects of UIWebView class and Safari or other browsers live apart and are sandboxed.
Here is official position about cookies.
To the best of my understanding, cookies cannot be sent with the first request from a web view, but can be sent with subsequent requests to the same URL if, and only if, the first request was successful.
This causes problems with authentication services that require cookies to authenticate on the first request to the URL.
Possibly user credentials are stored via the Keychain API. Keychain is shared between apps, so a stored login/pass in Safari can appear in your app's UIWebView.
Can you elaborate on this, as I also need this?

How to share cookies from my ios app to mobile safari?

I use asiHttpRequest library to do data get and post.
I have built a login function with it to log in to my site. After that, if I launch a URL from my app to browse the site in the Mobile Safari app, it still remains unauthenticated.
I guess the reason is that my app does not share the same cookie storage with Safari, is that correct? Is it possible to share the cookies with other apps, especially Safari?
You can NOT share cookies in your App with Mobile Safari. As #erpayo said, it's in Sandbox.
Maybe adding a UIWebView to your app is the best solution. Do not open a URL in Mobile Safari but open it in the UIWebView. It can get your cookies.
No, it's not.
Cookies are sandboxed.
Maybe you can do some server-side tracking using query string parameters, but it will become a security hole.

Does NSHTTPCookieStorage persist across apps?

So I was just curious if the NSHTTPCookieStorage was persistent across applications, or local only to the current one. I want some cookies gathered in another app to be accessible in a search app. Is that how it works? Thanks!
PS: This is on the iPhone or iPad.
For iOS, cookies are not shared across apps. Per Apple's documentation,
iOS Note: Cookies are not shared among applications in iOS.
Created a workaround where I just pass the credentials to the new app and reconnect to server. Not very efficient, but passable until something better is found...
As Greg said, no. Each app's cookie storage is sandboxed.
A solution to the problem would be to use an SFSafariViewController, new to iOS 9.
This implementation of web views is not sandboxed and has access to Safari's cookie storage, meaning that two different apps could use this to both access the same cookies from Safari's cookie storage.
You would need to write a small web-service to handle writing the cookies and some sort of API to redirect cookie data back into the app.
Use this project as a starting point. It shows you how you can access Safari cookies from an app without the user having to do anything.
Hope this helps,
Liam

facebook canvas app authentication single sign on does not work on safari 5

I have been using single sign on authentication for my facebook canvas iframe app.
It works fine on IE, Firefox, Chrome (all latest). But it doesn't work on Safari 5.
I know Safari doesn't allow cross-domain cookies, and that's the reason it's not working. Facebook sets a cookie for my app's domain that I can use as a single sign on mechanism.
If I go to Safari's Preferences and set it to allow cookies always and not only for sites I have visited, the entire app works fine. But I don't expect every single Safari user of my app to be doing that.
Has anyone got this working? I tried using a couple of other apps, and they seem to work, but I'm not sure if they use the single sign on approach to authentication, which is actually recommended by the Facebook documentation. Do you think I should be using another approach that can fix it for me?
Info: I'm using ASP .NET MVC 2
Thanks
This worked pretty well for me: http://forum.developers.facebook.net/viewtopic.php?pid=257432#p257432