I'm confused in cookie policy in between IOS native app and the app's Web-View.
My company has a native app what uses Web-View in the app and it uses cookies as local cookie.
As i know, cookie is set by server response but i'm not sure the response what's got by API server in Web-View cookie is effective to native app's local cookie.
The Web View's response cookie can be effective to Native app's local cookie automatically? or should i set the cookies to Native app from Web-View ??
this is the app flow
[Native app] -> [Web View] <-> API server(response cookies)
Related
Trying to figure out why a cookie that was created by postman does not work in rails request.
Here is the structure:
Rest API - web.abc.com/api
website - web.abc.com (Ruby on rails. no JS framework)
Webapp - web.abc.com/admin (ReactJS app)
So now, authentication happens on the (Rails app - website), API then returns a cookie. The cookie is then set in the browser and user is logged in. We then use rails (rest-client) gem and send the cookie back to the API on requests and all works well.
Problem is, the same cookie (session) does not work on the react app. the cookie is sent to the API but does not work. However, if we authenticate using postman, then copy the cookie value and paste it into the browser (cookie value), the react app works BUT not on the website.
So in a nutshell. If the cookie is set from Rails app, it works on the website but not on the react app. If we authorize with postman and past the cookie value in the browser (replacing the cookie value), it does not work on the website, but works on the react app.
what am i missing?
I'm running a shared KMM module with Ktor http client. I'm noticing that when I set a cookie on the iOS native side via NSHttpCookieStorage that my Ktor HttpClient doesn't pick up the new cookie. If the server responds with a SetCookie header, that works fine. The problem is when I set the cookie manually on the iOS side. I have my client setup with this:
install(HttpCookies) {
storage = AcceptAllCookiesStorage()
}
How does Ktor sync with the iOS NSHttpCookieStorage and is there a way to force it to sync? Hopefully I don't need to create an entirely new HttpClient anytime I want the cookies to sync.
I wrote a simple web application that uses a login cookie to authenticate users. The login cookie is configured with max time to remain valid 15 days. Unfortunately, safari on iOS keeps erasing the login cookie after a day which requires that the user logs in again. This yields a bad user experience.
Here is an example of cookie header value sent by my web app server. The value, which is not relevant for this question, is secured with encryption and hash value.
Set-Cookie: login=AaC64ZMlykIEakiuXBlszJWhPdeFaMAex1DvzU7hD8Ho24TUQNUJBXG1M_m96DKJ-b4YSPCO; Path=/; Domain=www.example.com; Max-Age=1296000; HttpOnly; Secure; SameSite=Strict
No CORS header value is set.
I choose to use a login cookie because it is safer than storing some information in the local storage which can be accessed by any JavaScript code. It is safer when using the HttpOnly and Secure options with https of course.
What can I do to get a persistent login with a web app on safari iOS ?
If you're worried that saving cookies in the local storage is not safe, just use NSKeychain -- a system level local storage on iOS platform.
I have a client - server application. Client (iOS application) has to download content from the server. Is it possible to determine if request is from the application downloaded from the App Store of just regular request (should be dropped)? Is exists a possibility to avoid hardcoded credentials in the application?
Thanks
I want to support third-party cookies in an iOS application using WKWebView. Is there any way to support third-party cookies when the user has blocked all cookies in Safari's settings (Settings -> Safari -> Block Cookies -> Always)?
I have tried saving all cookies from the response and sending them in the request but it did not help.