In my application, it opens a website using SFSafariViewController. I don't want user to always login when opening the website. And I didn't find any documentation about SFSafariViewController cache.
So how long does SFSafariViewController cache last?
SFSafariViewController use the standard iOS web view cache, which is managed by the system.
The duration for which items are stored in the cache is determined by the cache's eviction policy, which is based on a combination of the amount of storage space available and the age of the items in the cache.
So SFSafariViewController does'nt have its own cache and does not provide any APIs for managing the cache.
Use WKWebView instead, it will store cache
Related
Is it possible to share IndexedDB stores and data between a progressive web app (PWA) and stand-alone Safari on iOS? If so, what steps do I need to take to share the stores/data?
My use case is that I have a would-be PWA that uses third party authentication. The normal behavior is that when navigating to the third party authentication page, the PWA automatically opens the page in a new Safari window since it is out of scope. I would like to save the authentication token in IndexedDB from this Safari instance, open my PWA, and then load the token from IndexedDB in my PWA.
I have tested this implementation. It works fine (ie I can read the token from IndexedDB) in Safari standalone, but when I navigate back to my PWA and attempt to read the data, it doesn't exist. This suggests that the stores cannot be shared, but I am looking for a more definitive answer. I find no indication one way or the other in internet searches.
Note: local storage, session storage, and cookies are not shared between Safari and PWAs on iOS, so those solutions do not work which necessitated the use of IndexedDB
Rather than opening a new tab, you can use a pop up, like how it has been beautifully explained here with example and source code.
The key idea used here is window.postMessage, which allows windows and frames to send data across domains to one another.
I have authorization in my app that happens through POST-request to the server. In response I receive json file and cookie.
I want prevent user to enter credentials every time. So the question is how to store cookies (session only cookie) between app launches. I concern here 3 cases:
User pressed "Home" and returned to the app before app was terminated by iOS
User pressed "Home" and returned to the app after app was terminated by iOS
User forced quit from app by swiping-out it from multitasking
It seems that i can use something like this:
NSHTTPCookieStorage.sharedHTTPCookieStorage().cookiesForURL(NSURL(string: "url")!)
But is it secure and will it persist in case 2 and case 3?
I've been working on similar iOS issues for the past few weeks.
Depending upon just how secure the credentials need to be, I'd suggest looking into using the browser's localStorage functionality to resolve this, rather than using cookies.
localStorage and sessionStorage are far easier to manipulate than cookies, and cross domain protections help avoid both user manipulation and 3rd party attempts.
If one was dealing with almost any other browser, one would generally use sessionStorage, since the values are preserved per log on session. But, iOS on mobile devices wil purge session storage far too frequently, rendering it useless.
The danger of using localStorage is that values persist between browser sessions. Where this becomes an issue is if a legit user logs in from a 3rd party device, the credentials are retained on that device unless the user has a way purging them (which is easy to accomplish using javascript).
The advantages of using sessionStorage and localStorage are:
1. ease of manipulation compared to cookies
2. no need to keep posting back cookies values to the server
3. less server overhead
note that on iOS in particular, if Private Browsing is enabled, both session and local storage are disabled.
If I have an iOS app, how can I open a browser view inside the app (upon the user tapping a button) which contains no cookies from any domains?
This means the browser view should not remember cookies from the previous time the user opened the browser, nor share cookies with the Safari app.
There are now three classes to do web views as far as I understand, SFSafariViewController, WKWebView and the dated UIWebView. Which of these allows what I want to achieve?
WKWebView is the way to go. Upon initialisation it won't contain any cookies from previous sessions. From the Apple documentation:
Each web view is given its own Web Content process until an implementation-defined process limit is reached; after that, web views with the same process pool end up sharing Web Content processes.
Furthermore, WKWebView is intended as a replacement for the older UIWebView.
SFSafariViewController shares cookies and other website data with Safari.
I launched Firefox in private mode and opened youtube. The first thing I see is recommended videos based on my prevoius watches. But I am not logged in, I am in private mode, why does youtube suggests this to me? I think it's privacy violation. Am I right?
The internet in general is a privacy violation, whether you are in private mode are not. As mrunion said in the comments, Google can store information about you in cookies (or even in your cache) which "Private" mode can still access.
Try clearing your cache and deleting cookies. If you want your browsing to be more "Private" I would suggest that you disable cookies altogether, although this can negatively affect how many web sites perform as they may depend on those cookies.
I'm building an iOS app that uses a UIWebView to show most of it's content. I want to use Google Analytics (Web) to track the user behavior in the UIWebView. Will the cookie be deleted once a user updates their app? Can I somehow keep it?
It should not!.
However NSCookie default storage places not revealed.But from IOS4 you can provide your storage location using
– initWithStorageLocation:
Method. Documents Folder persists across updates.So you can make sure it persists by storing in documents folder.