Some context:
This is a rails
4.2 web app using devise
and omniauth-facebook
which sets true
for apple-mobile-web-app-capable
From a URL in Safari, users can add the web app to their iOS device's home screen.
The issue here is that when users login w/ Facebook for the second time, it authenticates with the same user as before, even if the user logged out from the web app and from Facebook in Safari.
In other words, once you login with Facebook, the web app(UIWebView), applies the same credentials every time. Regardless of your Facebook's current user in Safari or if you logged out from the web app.
That happens even if the web app - UIWebView got removed from the iOS device's home screen.
This functionality works fine from browsers - Safari, Mobile Safari, and Chrome.
I found that Safari and UIWebView save data in different places, but not sure how to access UIWebView data (cookies/session/credentials) to remove it.
I would like to do that via JavaScript. However, I'm open to other options. Just please take in consideration that this is a Rails app.
The code:
Gemfile
gem "rails", "~> 4.2"
gem "devise", "~> 3.5"
gem "omniauth-facebook", "~> 3.0"
application.html.haml
%head
%meta{ name: "apple-mobile-web-app-capable", content: "yes" }/
view (HAML)
= link_to destroy_user_session_path, method: :delete do
.css_classes Sign Out
sessions_controller.rb - from Devise
def destroy
super
cookies.clear
end