I am trying to load one secure HTTP url into UIWebView, but it throws me an "untrusted certificate error" i.e error -1202. NSURLDomainError.
I searched on stackoverflow and found out this solution and implemented the same:
UIWebView to view self signed websites (No private api, not NSURLConnection) - is it possible?
As per this solution after receiving a callback to :
-(void)connection:(NSURLConnection *)connection didReceiveResponse:(NSURLResponse *)response;
We again load the secure http url to webview, and as we have already done the authentication pass,
it loads the data.Also, the credential the server uses are my personal crendetials, so i am mentioning the NSURL
NSURLCredential *newCredential = [NSURLCredential credentialWithUser:#"username"
password:#"password"
persistence:NSURLCredentialPersistenceForSession];
But my problem here is, it just goes into some kind of loop, and i am not able to get any of the callback of UIWebView. Any solution or any idea what the problem will be?
I am using the new Basecamp API for my iOS basecamp client app. I want the user to be able to logout and switch accounts. But I can't as the account credentials stored in the browser cache are used every time I request authorization.
I figured out I would need to flush browser cache to do this. How do I clear the browser cache?
[[NSURLCache sharedURLCache] removeAllCachedResponses];
After that, you can deleting any associated cookies with in the UIWebView:
for(NSHTTPCookie *cookie in [[NSHTTPCookieStorage sharedHTTPCookieStorage] cookies]) {
if([[cookie domain] isEqualToString:someNSStringUrlDomain]) {
[[NSHTTPCookieStorage sharedHTTPCookieStorage] deleteCookie:cookie];
}
}
Using GData, is there a built in way to store a session or credentials for interacting with the gdata api, or do I need to store credentials manually in the keychain? I'm using the YouTube upload API, and want to ensure the user doesn't have to enter username and pw each time. If there's a way to automatically get the user's Google login session, that's even better.
If you're using the GTM Oauth library (http://code.google.com/p/gtm-oauth/), they provide a method to store access token information in keychain by service name (e.g. "YouTubeAPI" or something).
Additionally, if you're using raw username / password, I would definitely store the details in keychain. Sci-Fi Hi-Fi has a nice, easy to use library that I've used in the past - http://github.com/ldandersen/scifihifi-iphone.
The GTM OAuth is newer, but the GData API's also support this via the setAuthorizer method. I didn't notice that until I dove into the source code.
//save to keychain
- (void)viewController:(GDataOAuthViewControllerTouch *)viewController
finishedWithAuth:(GDataOAuthAuthentication *)auth
error:(NSError *)error {
if (error != nil) {
// Authentication failed
} else {
[[self youTubeService] setAuthorizer:auth];
}
}
//check if authorized:
- (BOOL)isAuthorized
{
GDataOAuthAuthentication * auth = [GDataOAuthViewControllerTouch authForGoogleFromKeychainForName:kAppServiceName];
BOOL isSignedIn = [auth canAuthorize]; // returns NO if auth cannot authorize requests
if(isSignedIn) [[self youTubeService] setAuthorizer:auth];
return isSignedIn;
}
HI, i am about to create an iphone application that will have a account system . ( login/logout ) .
that will have a server side also. so how to do session management. while your client is iphone
how i can do that ??
I use the ASIHTTPRequest library to communicate with my webservice.
It has built-in capability to handle cookies, so I simply login with a POST request and the cookie is set like a normal browser.
When your network connection is down, you can still check for a valid cookie:
- (BOOL) hasSignInCookie
{
NSArray *cookieJar = [[NSHTTPCookieStorage sharedHTTPCookieStorage] cookies];
for( NSHTTPCookie *cookie in cookieJar)
{
if( [[cookie name] compare: #"JourneyTagID"] == NSOrderedSame)
{
return YES;
}
}
return NO;
}
If it's a webapp, or your server-side is going to be a webservice, you probably want to be using HTTP cookies.
Otherwise, you could come up with some custom scheme where you assign a session id to the client and associate it with their state on the server side. The client provides this session id in future requests.
Things to think about here would include persistence/expiry, both server-side and client-side. Also, security (is your scheme susceptible to brute force or prediction attacks? Should you be encrypting the communication where this is assigned/provided?)
Regarding the iPhone, you may want to make your session id specific to a particular UDID (unique hardware address).
Can an iPhone application read cookies previously stored by Safari Mobile?
To actually answer your question:
No.
Mobile Safari's cookies are not accessible from SDK apps. And each SDK app is given its own WebKit cache and cookie stores, so while cookies will persist within the same app, they aren't accessible betweeen apps.
As of iOS 9 this is possible!
Use a sfSafariViewController.
You will need to setup:
A custom URL scheme in your app to receive cookie data.
The website you are getting cookies from will need to implement an API specific your app's custom URL scheme, to redirect back to your app.
You can clone this repo which has a fully working demo of this.
Hope this helps,
Liam
There is actually an interesting way if you have access to a server url.
In your app launch the server url with mobile safari.
The target server url reads the cookie and redirects back to an app specific url (myapp://cookie=123)
The app is then switched back and you can read that value from the url handler
It's a little hacky as the app would switch mobile safari and then immediately switch back to the app. But, it is possible.
Note that on iOS 8, you're probably better using Safari Password Sharing to solve some of the use cases that give rise to this problem.
This is not directly possible, but with the cooperation of the web site it is possible.
To clarify, the user case is that an Objective C application wants to read the value of a cookie that has been set by a website in mobile safari. (ie. in particular, a UIWebView was not involved in setting the cookie)
Your app should do this:
Launch mobile safari, using [[UIApplication sharedApplication] openURL:url];
The URL should be a special one, eg. http://yourwebsite.com/give-ios-app-the-cookie
On your website, when that url is launched, issue a redirect to your-app-url-scheme:cookievalue= (eg. angrybirds:cookievalue=hh4523523sapdfa )
when your app delegate receives - (BOOL)application:(UIApplication *)application openURL:(NSURL *)url sourceApplication:(NSString *)sourceApplication annotation:(id)annotation process the url to get the cookie value
Note that you should not do this automatically when the application starts - the user will see the transfer to Mobile Safari and back, which is not a good user experience and Apple will reject your app (Apple also consider this to be "uploading user's personal data to server without their prior consent"). It would be better to do it in response to the user, paying attention to the user experience - eg. wait for the user to hit a "login" button, then do it, and if the user is not logged into your website, http://yourwebsite.com/give-ios-app-the-cookie should show the user the login screen within safari. If the user is logged in you could briefly show a "Automatically logging you in..." screen for a second or two in Safari before redirecting the user back.
There's no way to get this to work with hotmail/gmail/etc of course - it needs to be your own website.
Credit goes to Unique Identifier for both mobile safari and in app in iOS for suggesting this kind of approach.
Because of sandboxing on the iPhone you don't have access to Safari's cookies. You can only access cookies created within your application - by an UIWebView for example.
Although you have asked the same question twice before, here's one approach not yet mentioned...
This may be a little convoluted, but you can do Greasemonkey-esque things with a UIWebView. Something like this:
Load your target page
craft some javascript which will read the document.cookie and return the data you need
In the webViewDidFinishLoad delegate, inject this javascript into the UIWebView with the stringByEvaluatingJavaScriptFromString message
I've used this technique to enhance 3rd party pages in an iPhone app, but I'm not sure if it will read cookies from the same place as Safari mobile.
Worth a shot though?
Here's my utils get/set cookie methods.
+(void)setCookie:(NSString *)key withValue:(NSString *)value {
NSArray *keys = [NSArray arrayWithObjects:
NSHTTPCookieDomain,
NSHTTPCookieExpires,
NSHTTPCookieName,
NSHTTPCookiePath,
NSHTTPCookieValue, nil];
NSArray *objects = [NSArray arrayWithObjects:
#"YOURDOMAIN",
[NSDate distantFuture],
key,
#"/",
value, nil];
NSDictionary *dict = [NSDictionary dictionaryWithObjects:objects forKeys:keys];
NSHTTPCookie *cookie = [NSHTTPCookie cookieWithProperties:dict];
NSHTTPCookieStorage *sharedHTTPCookieStorage = [NSHTTPCookieStorage sharedHTTPCookieStorage];
[sharedHTTPCookieStorage setCookie:cookie];
}
+(NSString *)getCookie:(NSString *)key {
NSHTTPCookieStorage *sharedHTTPCookieStorage = [NSHTTPCookieStorage sharedHTTPCookieStorage];
NSArray *cookies = [sharedHTTPCookieStorage cookiesForURL:[NSURL URLWithString:#"YOURDOMAIN"]];
NSEnumerator *enumerator = [cookies objectEnumerator];
NSHTTPCookie *cookie;
while (cookie = [enumerator nextObject])
{
if ([[cookie name] isEqualToString:key])
{
return [cookie value];
}
}
return nil;
}
You might want to check
if ([[NSHTTPCookieStorage sharedHTTPCookieStorage] cookieAcceptPolicy] != NSHTTPCookieAcceptPolicyAlways) {
[[NSHTTPCookieStorage sharedHTTPCookieStorage] setCookieAcceptPolicy:NSHTTPCookieAcceptPolicyAlways];
}
But apparently NSHTTPCookieStorage does not even hold cookies from the last request in the current application on iOS (rdar://8190706)