I've been doing a bit of research on the subject, and I'm a little confused about storing cookies within an iOS app. I want to be able to store a user's login credentials so that they don't have to log in every time they launch the app (much like Facebook's app does). I'm kind of lost on how to do that though. Here are some of the specific questions I have:
When the user logs in, does a cookie get stored automatically? If so, where? If not, how do I store it?
How can I check for that cookie and access it, examine it, etc.? Maybe on a relaunch of the app or something.
How is storing a cookie with user credentials different than storing them in the keychain? Or are they the same thing?
When a user presses "logout" in the app, should that delete the persistent cookie? It must, right?
What's the best way to store these cookies? What does iOS automatically do for you, and what do you have to do yourself?
Is there an advantage to using ASIHTTP stuff for things like this? If so, what does the ASI library offer that the NSURL stuff doesn't? Does the treatment of cookies change when using the ASIHTTP library?
As I'm sure you can tell, I'm pretty lost, and don't know all that much about how cookies work, but I'm trying to figure it out, and any help is much appreciated!
Are you using a webview for your app or something?
Update:
You should store the username/password combination in the keychain. There are several wrappers available for this, one of my favorites:
Keychain Swift
It is however; more secure to use an access token so that the username and password combination are never stored on device.
Related
I'm currently working on a PWA and noticed that the overall experience would be awesome for the users, if they do not have to sign-in every time they open the app.
I've noticed that on native mobile apps, the user stays signed in unless they decide logging out of the app.
I could think about the following approaches -
Make the session time super long; say 30 days or 180 days. I'm not aware of the downsides of this approach.
Create a cookie that says that auto-login link and use it to authenticate the user automatically when they open the app.
But there could be a way better approach than this; and I'm curious to know about it. Can someone help?
Well depends on your current user session algorithm, websites like facebook keeps me logged in for years, you might want to use
Local storage (Indexed DB) to store the user's data only update them asynchronously ,
Cookies, set a (x months) cookie and validate the cookie if it exist probably with the user's data,
This would be preferably done with your server side language and not client side.
I'd like to autologin a user. When he puts in his credentials (username, password) the first time, it gets saved in the keychain. Now when the user restarts the app, he should get redirected to his account-information without seeing the login screen..
I guess I have to start this in AppDelegate, right?
Any idea? Thanks in advance.
To answer the question: if you want to auto-login with keychain data, use the free framework "SFHFKeychainUtils". It saves username, password and servicename in keychain. if you want to retrieve it, just save the username in NSUserDefaults and you can get the password with ease.
Here we go:
SiFi HiFi Framework: https://github.com/ldandersen/scifihifi-iphone/tree/master/security
SiFi Hifi Framework (ARC compatible): https://stackoverflow.com/a/10348964/1011125
How to use SFHFKeychainUtils: http://gorgando.com/blog/technology/iphone_development/simple-iphone-tutorial-password-management-using-the-keychain-by-using-sfhfkeychainutils
IOS device doesn't have the concept of keychain (as far as I know).
What you can do to avoid subsequent login screen is this:
Once you successfully login, save a boolean variable in your userdefaults. I hope you are familiar with User Defaults data, which can store small amount of datan for your app. Consider it as a database which persists across app executions. Once you open your app next time, read this variable and if it says logged in, don't go to login.
I hope this works for you.
I have an iPhone app that uses core data. I want to add account management to this app for backup and social reasons. What is the easiest way to handle account registration and login? Will I need to create a PHP script or create an XML/JSON file?
Any advice would be great. I have no idea what to do (I'm only familiar with Cocoa Touch).
Edit:
I think I will be going with a twitter login. Hmm, so if I do a twitter login, when the user signs in, their account data will be loaded into my database? Or something similar? I think I still need my own server because if a user signs in from another device, their data should show up there too.
From a usability standpoint, it would be best to use login's from Facebook or Twitter as the user will generally prefer to have a single login. They make sdk's for this, and it also reduces the amount of work you have to do on your end to maintain accounts. If the account is essential to your app then explore other options, but if it is just social, as you mentioned above, don't reinvent the wheel.
So I was just curious if the NSHTTPCookieStorage was persistent across applications, or local only to the current one. I want some cookies gathered in another app to be accessible in a search app. Is that how it works? Thanks!
PS: This is on the iPhone or iPad.
For iOS, cookies are not shared across apps. Per Apple's documentation,
iOS Note: Cookies are not shared among applications in iOS.
Created a workaround where I just pass the credentials to the new app and reconnect to server. Not very efficient, but passable until something better is found...
As Greg said, No. Each apps cookie storage is sandboxed.
A solution to the problem would be to use a SFSafariViewController, new to iOS9.
This implementation of WebViews are not sandboxed and have access to Safari's cookie storage. Meaning that two different apps could use this to both access the same cookies from Safari's cookie storage.
You would need to write a small web-service to handle writing the cookies and some sort of API to redirect cookie data back into the app.
Use this project as a starting point. It shows you how you can access Safari cookies from an app without the user having to do anything.
Hope this helps,
Liam
I am making app about google documents. but I don't know How to save Login Information
Document Folder ? Cache Folder ? Where save Login Information ?
The best option is to use the keychain.
There's example code at the Apple site or Buzz Anderson has some great code at his site
Alternatively you could use NSUserDefaults but that's less secure. The keychain is encrypted, user defaults are not (unless you encrypt before insertion but that's extra work)