Does Alamofire store the cookies automatically?

35
votes

I'm new to Alamofire so I'm sorry if this it's a noob question: this framework stores the cookies automatically?

This is because I have a simple request like this:

Alamofire.request(.POST, loginURL, parameters: ["fb_id": fbId, "fb_access_token": fbToken])
         .responseJSON { response in
             //print(response.request)  // original URL request                          
             //print(response.response) // URL response
             //print(response.data)     // server data
             //print(response.result)   // result of response serialization

             if let JSON = response.result.value {
                 print("loginURL - JSON: \(JSON)")
             }
         }

this request response with a cookie session that I need to do other requests for security reason; the strange thing is that like magic I already can do the other requests after this first POST without read manually the cookie and store it. I'm sure the other requests need the cookie session because they fail on postman for example but not here.

It's just a feature? Because I can't find anything on that also on the official GitHub page.

2
iosswiftpostcookiesalamofire

2 Answers

55
votes

Yes! Alamofire is basically a wrapper around NSURLSession. Its manager uses a default NSURLSessionConfiguration by calling defaultSessionConfiguration().

As its github page says under Advanced Usage section:

Alamofire is built on NSURLSession and the Foundation URL Loading System. To make the most of this framework, it is recommended that you be familiar with the concepts and capabilities of the underlying networking stack.

And under Manager section:

Top-level convenience methods like Alamofire.request use a shared instance of Alamofire.Manager, which is configured with the default NSURLSessionConfiguration.

And the NSURLSessionConfiguration reference for defaultSessionConfiguration() says:

The default session configuration uses a persistent disk-based cache (except when the result is downloaded to a file) and stores credentials in the user’s keychain. It also stores cookies (by default) in the same shared cookie store as the NSURLConnection and NSURLDownload classes.

1
votes

For those who use Moya and want to disable stored cookies

(fixing the X-CSRF-Token request header is missing)

Very basic example:

public final class DisableCookiePlugin: PluginType {
    public init() {

    }

public func prepare(_ request: URLRequest, target: TargetType) -> URLRequest {            
            var mutableRequest = request            
            mutableRequest.httpShouldHandleCookies = false
            return mutableRequest            
    }
}

And then use it

MoyaProvider<Api>(
                    plugins: [
                        //NetworkLoggerPlugin(configuration: .init(logOptions: .verbose)),
                        DisableCookiePlugin()
                    ]