iPhone cookie/caching issue on 3G, fine over wifi - iphone

I'm having trouble with an old pre-mobile website which uses PHP, MySQL, cookies and HTML forms to log users in, and then track their session (it's a calendar app and messageboard). When my iPhone is attached to my wifi network at home, all is well, but when I switch to 3G the cookies no longer function and the session is dropped.
I read another thread:
Web site exhibits JavaScript error on iPad / iPhone under 3G but not under WiFi
in which the poster was experiencing a javascript issue on 3G but not on WiFi, and the suggestion was that the cellular carrier (O2 in his case, Orange UK in my case) itself was messing with the HTTP data going across 3G, but not WiFi. The fix was to use more javascript to prevent inlining of includes.
Does anyone think that my cookie and session problems are possibly caused by a similar issue, and if not can anyone think of an alternative explanation and ideally a fix?

Aha - I found out what the problem was. The cookie control on the site in question was actually being run by an installation of phpBB, which uses IP binding as a security measure. This checks off the IP addresses of successive requests within a session and drops it if they don't match. Must be the case that over wifi I have an unchanging IP, while Orange UK must bounce around several IP addresses when I run over 3G. Solved the problem by turning down the IP binding in phpBB (you can ask it to compare the whole address or just the first 2 or 3 bytes instead).

I'm guessing your 3G provider is proxying your HTTP somehow. It's common for some (in my opinion, crappier) ISPs to do this. That would be an explanation of why it is behaving differently to the same browser on another connection.
Lots of people will access your site over a proxy such as Squid. You need to fix this so it works or you might inadvertently block access to some people.
My guess is that your code may just be setting cookies in a particular way which is forgiven by browsers but not supported by that particular proxy. I'd start troubleshooting by specifying the domain, expiry in different ways (with dot at start of domain and without, with quotes around domain/path and without) and turning on or off Cookie2 features or HTTP-only features.
Is there an HTTP header viewer for the iPhone browser? If not try tethering it and use something like LiveHTTPheaders in Firefox (keep in mind that if your network can detect tethering it could in theory turn on/off its proxy based on whether you tether).
You'd probably have to post your code or an HTTP transcript (just the headers) for people to diagnose further.

Related

How to know if a device is connected to a working internet connection in PWA

When creating a progressive web app how can i know that a mobile device is connected to a working internet connection cause it can be connected but not working.
The saying, "You never know until you try" is pertinent here. At the moment you want to check whether there is connectivity, simply fetch a remotely hosted resource with a cache-busting technique. It's generally best practice for that resource to be tiny in file size if you need to check regularly and often (such as 1×1 pixel gif). If you receive a network response in the 200 range, you have connectivity. Otherwise, for the moment at least, you probably don't.

iPhone app's traffic not sniffable

I've got quite a bit of experience using Charles to sniff out traffic being sent out on my iPhones. Almost every app that I choose to reverse engineer has been possible in large part to cURL and Charles. But, for some reason, this one app called Link seems to have a different way of communication with their server. I looked through my entire Chalres session and didn't see any relevant traffic from this app to an API endpoint. I don't have much experience actually making mobile apps, so perhaps there are other ways to process all of the requests that have to be generated upon using the app. But, how could all of the user's data be stored if no requests are being sent from the app to an external server somewhere?
Charles is an HTTP proxy, it is possible another protocol is being used. Possibly directly using TCP/IP connections.
Wireshark will show all packets in gory detail but you will probably not be able to see encrypted data decrypted without the key.
And the Wireshark UI is something to behold. ;-)
If the app runs on SSL you wouldn't be able to sniff any traffic either way. I design my apps that way at least. Could this be the case? Does it use port 443 instead of port 80?
Okay. Have a look at this post:
http://www.doubleencore.com/2013/03/ssl-pinning-for-increased-app-security/
SSL pinning might be the answer.

Get rid of proxy popup in ios simulator

I'm behind a corporate firewall and all network traffic goes thru the main proxy. In my iOS simulator, I get proxy popups a few times each time I run my app. The thing is, my app doesn't make any network calls (yet), and doesn't import any network frameworks. In fact, I can reproduce this by making a new project in XCode using one of the standard templates and run it straight away; it'll still prompt for the proxy credentials every time.
In my OSX network settings, I've obviously set my proxy credentials in all the different protocols (HTTP, HTTPS, FTP, Socks, RTSP, Gopher). I found that I needed to put the domain and backslash before my username to allow web access in any OSX browsers etc...so given that I did that and then the OSX proxy prompts went away and I was allowed access, I would have thought that the iOS simulator would just inherit those settings...?
Any ideas?
One more bit which may be unrelated: we haven't yet figured out how to get access to the App Store on this Mac; despite supposedly getting past the proxy, any use of the App Store just results in timeouts and we can't even see the "home page". I'm wondering if somehow the iOS simulator is making similar network calls using some other protocol that is like the App Store...? (I would have thought App Store would have been HTTPS but I don't know).
Any thoughts appreciated.
If you put *.apple.com in your proxy passthrough list, the simulator will stop whining about it.
Like you, I can't get the Apple Store to work through our corporate proxy either. I've worked around it by using a wireless network that doesn't use a proxy when I have to use the App Store.
I've found plenty of other things in the OS that don't work through our proxy.
I had the same issue and found another way without touching the proxy settings!
I'm working on a Mac with OSX-El Capitan so maybe in other versions these steps might be slightly different:
Go to System Preferences
Go to Network
Choose your connection (Wireless/Ethernet/Thunderbolt-Ethernet)
Click on Advanced Options
Go to the tab Proxies
The two boxes Automatically detect proxy (for the internet connection on your mac) and Web-Proxy (HTTP)
Insert your login credentials at Web-Proxy (HTTP).
This reduced the occurence of the Proxy-PopUp greatly on all the 3 macs I work with. (At least it doesn't appear periodically anymore when I start my app from xcode)

detect connection type for iphone on website?

is it possible with javascript, PHP (or anything!) to see if the iphone is using 3g or wifi from a website? We want to load low-res content if its 3G you see,
I found SCNetworkReachabilityFlags but that is just for apps...
Any pointers would be great!
Dan
I wouldn't expect this to be possible at all from the server side. From the client side, as you said, you could use the System Configuration Framework and the SCReachabilityFlags, but only client side.
As far as your server is concerned, it knows nothing about the type of connection any request is coming in on, apart from the immediate connection it has to the internet.
A request from an iPhone may pass through firewalls, routers, bridges, hubs, wireless, wired, almost any kind of network on it's way to you server.
The 3G part is only the connection between the phone and the data provider (AT&T, O2, etc), and after that, it's anybodies guess and will most certainly differ depending on the route between the data provider and your server.
The best advice I can give is to have a landing page, and let the user decide whether or not to load a high or low res version of the site. At least then it's off your hands if they run up a huge data bill...

iphone app communication without using webservices

I want to send some Text plus a image from one iphone application to other iphone app but restriction is I should not use a web server in between communication,Is there any way to fulfill it ?
Details: There are two independent devices and could be far enough say out of network. My requirement one app adds some text with a image and sends it to another iphone which can be at any long distance , and the app installed in another iphone will read that info and image into itself.
Actually there is a solution that meets your needs — and that fits to bbums answer:
Create a HTTP-Server on the iPhone, using cocoahttpserver. than you will ask some webservice like whatismyip.com for your public ip. with this your iPhone can be connected worldwide.
But very likely ur wifi-network is not forwarding your port to the iPhone. Ash.
And even if: Now it gets difficult. How to publish your ip from one phone to the other? hmmm... — I got it: I will exchange the information in a centralized space! In the web!
... wait — that would be a Webserver.
You see: Without any kind of server in the Web the users would need to exchange ip manually and have full admin power and knowledge about the local network.
So IMHO bbums answer is the only way to go.
PS: I am working with http server running on iPhones. In local network that works great, especially with bonjour. And you can use them over distance network — but only with reconfiguration of your router — something you shouldn't force your user to do
There is far from enough information to provide a specific answer.
two apps on two different devices?
are the two devices on the same network?
are the two devices both on WiFi?
do you need the user to receive a notification or something if the app isn't running?
If on same device, you can define a custom URL handler in the destination app and then openURL: in the source app to pass the data over. Encode your image and text into the URL, but be careful of size limitations.
If on different devices, there are many possible solutions, but answering the above questions will be critical to actually knowing what solution is appropriate.
Given your comment -- two apps, different devices, arbitrary networks -- then you are going to have to have some kind of server in between. Note that the recently added Game Center does have the ability to rendezvous two users, but it has a very particular user experience that may not be appropriate to your needs.
I would suggest that you investigate using push notifications to notify the receiving user of the availability of content. As for moving the content between, no direct connection is possible and you will have to have some kind of store-and-forward server in between. And, yes, a web server is going to be the easiest possible solution simply because HTTP is ubiquitous these days.
If there's no network of any kind available, but both parties have amateur radio licenses, then hooking the two devices up to HF packet radios might work.
THIS is super EASY.
I would code up some software that can turn data into modem signal, like the good old dial up modem. The device would actually make those annoying buzzing sounds.
You get the phone number for your friends nearest landline and call him.
He places his iPhone near the phones receiver in listen mode and you connect to his phone using your audible modem.
Bingo, via the power of sounds you have sent data which is decoded on his device and all for the very cheap price of a phone call, there are pretty cheap these days especially if you use Skype.
Easy Way (relatively speaking)
A way two apps on different networks can communicate without setting up a web server of some sort is as follows.
Use an existing third party storage system like DropBox.
Each app would need the login and password for your DropBox. Then both apps can read and write files that the other app can see.
An existing app that does this is a shopping list app called ShopShop.
The app on my phone and my wife's phone both link to the same DropBox account and the app keeps the shopping list synced up when one of us adds something to the list.