67
votes

I've been trying to achieve the goal of having a unique (not shared) cookie jar per WebView in macOS (cookies management works different for iOS).

After reading a lot of StackOverflow questions and digging through the docs, I found the closest solution to my problem in these articles:

I have set up an example app using them: https://github.com/jjconti/swift-webview-isolated

The basic idea is to implement the necessary methods from the WebResourceLoadDelegate and WebPolicyDelegate protocols and use BSHTTPCookieStorage to store and retrieve cookies. Additionally, my example app allows saving the cookieStorage object so it can be reloaded in future executions.

Unfortunately, the app doesn't work correctly in every website (the author of the articles was targeting one particular web site). For example Gmail and NewRelic, you're immediately logged out after login (or after doing some actions). That makes me suspect a bug in the cookie storage implementation which I haven't been able to find yet.

Could someone tell me if there's something I'm missing?

1
I just tried your sample and am able go log-in Gmail, navigated around different labels and Gmail setting. Also going to a different page and then back to Gmail requires no new log-in. What action did you do to get logged out?catlan
In the current state of the sample you get a red labeled message saying your're not logged in (but you are) and chat doesn't load. If you uncomment this line (github.com/jjconti/swift-webview-isolated/blob/master/…) to enable document.cookie cookies processing, you'll be logged out after login.Juanjo Conti
I think the issue might be with when you are calling handleWebscriptCookies. Tried calling it once all the frames have finished loading instead of only before the NavigationActiontokudu
WebKit.framework does not provide a separate cookie handling solution. It uses the default Shared Cookies. If you need to have separate cookies you will have to find something else somebody already wrote or roll your own. No simple task.uchuugaka
@subzero we actually did. Here we explain how screensaver.ninja/2015/12/04/…Juanjo Conti

1 Answers

1
votes

The problem is there are no JS level cookie isolation. document.cookie still point to the shared cookie jar. To implement a true cookie isolated webview, you must override the cookie property of document.

You may try my implementation: http://cyyuen.github.io/ADCookieIsolatedWebView

It works for the site using document.cookie to get the cookie such as Dropbox.com. However, the setter is not implemented.