So I was just curious if the NSHTTPCookieStorage was persistent across applications, or local only to the current one. I want some cookies gathered in another app to be accessible in a search app. Is that how it works? Thanks!
PS: This is on the iPhone or iPad.
For iOS, cookies are not shared across apps. Per Apple's documentation,
iOS Note: Cookies are not shared among applications in iOS.
Created a workaround where I just pass the credentials to the new app and reconnect to server. Not very efficient, but passable until something better is found...
As Greg said, No. Each apps cookie storage is sandboxed.
A solution to the problem would be to use a SFSafariViewController, new to iOS9.
This implementation of WebViews are not sandboxed and have access to Safari's cookie storage. Meaning that two different apps could use this to both access the same cookies from Safari's cookie storage.
You would need to write a small web-service to handle writing the cookies and some sort of API to redirect cookie data back into the app.
Use this project as a starting point. It shows you how you can access Safari cookies from an app without the user having to do anything.
Hope this helps,
Liam
Related
NSHTTPCookieStorage *storage = [NSHTTPCookieStorage sharedCookieStorageForGroupContainerIdentifier:identifier]; Not working between Extensions and core app
Has Anyone been using App groups and the shared Cookie Storage to handle all the cookies between the App, Extensions, or watch. I am saving all of my cookies to this shared cookie storage but when I open an extension and check the cookies they are not there. I have set urlsession and everywhere possible to use this cookie storage but they are not persisting outside of the main ios app. I have made sure app groups are set up correctly and the identifier is the same. I have logged the cookies when exiting the app, it says they are there but logging them when opening extensions shows they are for the extensions.
Has anyone had a similar experience?
Thanks for any help!
The problem was with the actual cookies themseleves. It seems the storage was only storing the non session cookies(ones with expiration dates) to the cookies.binarycookies file. The rest were just in memory on the app and not getting carried over. I added exp dates to the cookies and manually delete those ones later on
I have an application that may access authenticated content. I know that the webview can't handle authentication so I do some NSConnection magic to make it work (something similar to this)
The thing is that there is some content that can be accessible using this web view, but there is some other content that event after a sucessfull authentication, the web view is not able to load.
BUT.. if I enter the same url with mobile safari, enter the needed credentials and then I go back to my app, the WebView seems to load the content fine.
I tried reviewing the cookies before and after the auth in Safari is done using this code
[[NSHTTPCookieStorage sharedHTTPCookieStorage] cookies];
and the cookies are the same.
As far as I understand that code will retrieve the cookies my app generates and not the ones available in iOS, so apparently this is not the way to look for a hint...
Any ideas?
Recently, i've lurked for the same question over the internet, and the answer is "no" =(.
Objects of UIWebView class and Safari or other browsers live apart and are sandboxed.
Here is official position about cookies.
TO the best of my understanding, Cookies can not be sent with the first request from a Webview, but can be sent with subsequent requests to the same URL, if and only if, the first request was successful.
This causes problems with authentication services that require cookies to authenticate on the first request to the URL.
Possibly user credentials are stored via keychain api. Keychain is shared between apps, so stored login/pass in Safari can appear in your app UIWebView.Can you elaborate this as i also need this.
I've been doing a bit of research on the subject, and I'm a little confused about storing cookies within an iOS app. I want to be able to store a user's login credentials so that they don't have to log in every time they launch the app (much like Facebook's app does). I'm kind of lost on how to do that though. Here are some of the specific questions I have:
When the user logs in, does a cookie get stored automatically? If so, where? If not, how do I store it?
How can I check for that cookie and access it, examine it, etc.? Maybe on a relaunch of the app or something.
How is storing a cookie with user credentials different than storing them in the keychain? Or are they the same thing?
When a user presses "logout" in the app, should that delete the persistent cookie? It must, right?
What's the best way to store these cookies? What does iOS automatically do for you, and what do you have to do yourself?
Is there an advantage to using ASIHTTP stuff for things like this? If so, what does the ASI library offer that the NSURL stuff doesn't? Does the treatment of cookies change when using the ASIHTTP library?
As I'm sure you can tell, I'm pretty lost, and don't know all that much about how cookies work, but I'm trying to figure it out, and any help is much appreciated!
Are you using a webview for your app or something?
Update:
You should store the username/password combination in the keychain. There are several wrappers available for this, one of my favorites:
Keychain Swift
It is however; more secure to use an access token so that the username and password combination are never stored on device.
Maybe I'm missing something, but from Apple's documentation for NSHTTPCookieStorage, I can't help but wonder how this is safe to use.
Does this mean that cookie storage is shared across all apps on the iPhone? If my app makes an Http call that results in some cookies being saved, do all apps now have access to these cookies?
Methods like:
cookiesForURL: Returns all the
receiver's cookies that will be sent
to a specified URL.
make it look even more suspicious.
Can someone explain how this is OK, and what the class does?
Also, assuming my understanding is flawed and this is indeed sandboxed per-app, do calls made using NSURLRequest automatically save/retrieve cookies from this store or is it the developers responsibility to set request headers before dispatching the request?
Your application only has access to cookies within its own sandbox.
From http://developer.apple.com/iphone/library/documentation/Cocoa/Conceptual/URLLoadingSystem/Concepts/URLOverview.html:
iPhone OS Note: Cookies are not shared by applications in iPhone OS.
I guess you're confused by the fact that you can access cookies from other domains/urls.
That's is technically true because your native app is "a browser" when you use UIWebView.
If you load www.siteA.com and www.siteB.com in your UIWebView, both domain's cookies are available to your objc code.
All apps, including mobile safari has it's own CookieJar and none of them can access the other one.
Is it possible to set a cookie in an iPhone Application that persists, so that later when the user is in Mobile Safari, that cookie can be sent to a webserver?
** Update 2017 **
A lot of changes to security mechanisms and cross-app communication were introduced to iOS in the recent years since this was first answered.
The below code no longer works on current iOS releases since Safari no longer accepts javascript:... in URLs and frameworks like NSURL catch these and return nil.
The one alternative that still works is to either host a website and have Safari open it or integrate such a HTML page in your app and run a small http server to host it on demand.
**iOS up to 6.x **
Since Apple has forced the sandboxing on all app store applications
there's currently no easy way to realize your request.
You could however open a special http://-URL from your application containing javascript to place a cookie:
NSString jsURL = #"javascript:function someFunction(){ /* your javascript code here */ } someFunction();void(0)";
[[UIApplication sharedApplication] openURL:[NSURL URLWithString: jsURL]];
Using javascript in URLs has been used by different iPhone applications to cross communicate
with MobileSafari (for example instapaper).
Another option would be to include a static HTML page in your app or on your server and instruct MobileSafari to open it.
The page in turn could set the permanent cookie.
Hope this helps!
I believe this is made easy by using the ASIHTTPRequest Library. It encapsulates the use of the global cookie store.
http://allseeing-i.com/ASIHTTPRequest/How-to-use
You can make requests with this library which will accrue cookies, and then these cookies will affect other requests later.
I use this to great effect in accessing authenticated APIs within my iPhone app.
The documentation for NSCookieStorage suggests that it would be such a mechanism. But whether "all applications" really includes Mobile Safari or not, your experimentation will have to determine....
See also the general documentation for the URL Loading System.
I'm new at iPhone development, but wouldn't opening a UIWebView allow your server to set a cookie on the browser so then when the user visits the site with Safari the cookie would be readable to your web server? Perhaps a hidden or small UIWebView? I can't tell what the use case is from your question.