iOS shared cookie storage not synced with Ktor Client - kotlin-multiplatform

I'm running a shared KMM module with the Ktor HTTP client. I'm noticing that when I set a cookie on the iOS native side via NSHTTPCookieStorage, my Ktor HttpClient doesn't pick up the new cookie. If the server responds with a Set-Cookie header, that works fine. The problem is when I set the cookie manually on the iOS side. I have my client set up with this:
    install(HttpCookies) {
        storage = AcceptAllCookiesStorage()
    }
How does Ktor sync with the iOS NSHTTPCookieStorage, and is there a way to force it to sync? Hopefully I don't need to create an entirely new HttpClient any time I want the cookies to sync.

Related

Can the response cookie of a Web-View in an iOS native app take effect on the native app's local cookie?

I'm confused about the cookie policy between an iOS native app and the app's Web-View.
My company has a native app that uses a Web-View in the app, and it uses cookies as local cookies.
As far as I know, a cookie is set by a server response, but I'm not sure whether a cookie in a response that the Web-View gets from the API server takes effect on the native app's local cookies.
Can the Web-View's response cookie take effect on the native app's local cookies automatically, or should I set the cookies on the native app from the Web-View?
This is the app flow:
[Native app] -> [Web View] <-> API server(response cookies)

Infinite session using Electron framework

We are building a desktop client (using the Electron framework) which will communicate with a remote server via a REST API. We want our desktop client to be in the logged-in state for an infinite time.
I am aware of the fact that the user's credentials need to be stored securely for this purpose.
But how can we achieve this in the Electron framework so that it renews the user session continuously on session expiration?
You would use Web Storage; generally, it is the same behavior as, for example, Facebook uses: your browser saves some kind of authentication token.
But this also has a drawback because it can be stolen through XSS. One trick to prevent this while still being logged in infinitely is to update the token on each connection to the server. Also make sure to use HTTPS, otherwise the token can be grabbed from the network connection.
// write to storage
localStorage.setItem("lastname", "Smith");
// read key from storage
console.log(localStorage.getItem("lastname"));
// delete key from storage
localStorage.removeItem("lastname");

How to determine if request is from the application downloaded from app store

I have a client-server application. The client (an iOS application) has to download content from the server. Is it possible to determine whether a request is from the application downloaded from the App Store or just a regular request (which should be dropped)? Is there a possibility to avoid hardcoded credentials in the application?
Thanks

Signing requests with API secret in an iOS application

I have a webservice and an iOS client (application) for one of my projects.
My webservice exposes several REST endpoints. I am looking for a way to make sure that the webservice processes requests that come from the iOS application only.
I understand that it is impossible to be 100% sure that the requests are coming from the iOS application.
But are there any best practices that I can use to make sure that requests are coming from iOS only?
Here are a few things that I was trying to do:
Bundle API secret with iOS application (known only to iOS and server)
Sign all the requests with secret and timestamps
Recycle API secret with every (or alternate) application release cycle.
I am new to most of this, so any help/advice/constructive criticism would be super helpful.
Best option: Bundle API secret with iOS application (known only to iOS and server).
You can send it in a custom HTTP header and it's best if you send it encrypted as well.
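Added example, not part of the original posts: a server-side sketch of the scheme the question lists (a bundled secret, requests signed with the secret and a timestamp, secrets recycled per release). The secrets, release numbers, path, five-minute window and function names are all constructed assumptions.

```python
import hashlib
import hmac
import time

# Constructed sample secrets, keyed by app release so that an old release's
# secret can be retired (the "recycle per release" item in the question).
SECRETS = {"1.4.0": b"constructed-secret-for-1.4.0",
           "1.5.0": b"constructed-secret-for-1.5.0"}
MAX_SKEW_SECONDS = 300  # assumed freshness window


def canonical(method, path, timestamp, body):
    # Bind the signature to everything the server will act on.
    body_hash = hashlib.sha256(body).hexdigest()
    return "\n".join([method.upper(), path, str(timestamp), body_hash]).encode()


def sign(secret, method, path, timestamp, body):
    """What the client computes and sends in a header next to the timestamp."""
    return hmac.new(secret, canonical(method, path, timestamp, body),
                    hashlib.sha256).hexdigest()


def verify(release, method, path, timestamp, body, signature, now=None):
    """Server side: returns (ok, reason)."""
    secret = SECRETS.get(release)
    if secret is None:
        return False, "unknown or retired release"
    now = time.time() if now is None else now
    if abs(now - timestamp) > MAX_SKEW_SECONDS:
        return False, "stale timestamp"
    expected = sign(secret, method, path, timestamp, body)
    # Constant-time comparison avoids leaking how many characters matched.
    if not hmac.compare_digest(expected.encode(), signature.encode()):
        return False, "bad signature"
    return True, "ok"


if __name__ == "__main__":
    t = 1_700_000_000  # constructed timestamp
    sig = sign(SECRETS["1.5.0"], "POST", "/v1/items", t, b'{"id": 7}')
    print(verify("1.5.0", "POST", "/v1/items", t, b'{"id": 7}', sig, now=t + 10))
    print(verify("1.5.0", "POST", "/v1/items", t, b'{"id": 8}', sig, now=t + 10))
    print(verify("1.5.0", "POST", "/v1/items", t, b'{"id": 7}', sig, now=t + 900))
```

A request replayed inside the freshness window still verifies; rejecting repeats needs a per-request nonce that the server remembers.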

Encrypt and Decrypt Cookies on iOS

I'm using a UIWebView to display a webpage. I'd like to know if it's possible to encrypt and decrypt cookies stored on an iOS device. I'm using NSHTTPCookieStorage to store my cookie, but I noticed that it is stored as cleartext in a property list file.
I discovered that it's stored in a path similar to:
Root/User/Applications/ASDSDF234ASDRSDF234/Library/Cookies/Cookies.plist
I would like to keep private information, such as usernames, secure.
There is a sandbox mechanism in the iOS system for security, so your app data could NOT be read by other apps. So I think you can keep private information in a cookie.
Only on a jailbroken iOS device will there be a security problem. I think you can both encrypt and decrypt your cookie data on the server side.
