Why doesn't NSHTTPCookieStorage save cookies correctly?

4
votes

I'm having some weird problems with NSHTTPCookieStorage in my iPhone app. When I invoke the login action on my web service, the service sends back an auth cookie named "auth" as well as some other cookies.

When I log the user out, I call a logout action on the server which removes the cookies. If I print the result of [NSHTTPCookieStorage cookies] before calling logout, I see the auth cookie as expected. After I log out, I see that the auth cookie is no longer there (as expected).

However, if I close the application and restart it, the auth cookie is back!

I'm not sure what's going on here. It would be one thing if NSHTTPCookieStorage simply didn't persist any cookies, but it appears to be saving some of them.

Does anyone know what's happening? Do I need to manage cookies manually? Is there some way to commit what's in NSHTTPCookieStorage to disk?

3
iphonecookies
I'm also seeing related behavior where if I receive a cookie from a web request, confirm it exists, and then close the application a few seconds afterward (and remove it from the background tray), the cookie isn't there when I start the application up. It's not consistent however.Ari Braginsky
abraginsky: Unfortunately, that's what I was seeing too. I resolved the issue by keeping the relevant cookies in NSUserDefaults and filling in NSHTTPURLCookieStorage from the user defaults at app startup. It gets the job done, but it would be nice to figure out what's wrong with NSHTTPCookieStorage.Bill
Yeah I saw the same workaround and am currently working to implement it as well. Need to make sure that NSUserDefault is being updated with the cookies quick enough before a user terminates the app from the background tray. Putting it in "will terminate" won't work since this isn't being called (at least in the simulator).Ari Braginsky
After doing a little digging it seems that this bug cropped up with OSX Safari back in 2007. lists.apple.com/archives/macnetworkprog/2007/Apr/msg00001.htmlAri Braginsky
Saving cookies to NSUserDefaults as they are first seen (either newly created, existing updated, or existing expired cases) and then restoring from NSUserDefaults on first startup fixed the issue for me as well. The expired cookie case is tricky since the cookie will most likely no longer exist in the cookie storage and thus should be removed from NSUserDefaults.Ari Braginsky

3 Answers

1
votes

There are three local storage mechanisms related URL requests that have an effect to how authentication challenges are handled: (obviously) NSHTTPCookieStorage, NSURLCredentialStorage and NSURLCache. NSURLCredentialStorage is probably the next place you should be looking at, but clearing all the caches is generally considered the surest way to have the effect that you want.

This snippet is handy: https://gist.github.com/559071 (clears all the caches).

0
votes

Nick, I am assuming you are building on the IOS 4.x SDK with XCode 3.x. This may be a long shot, but you mentioned that you close the application and then start it back up again. As of IOS 4.x, multi-tasking is enabled by default on iPhone Apps. That means that whether you want it or not, your app will stay in memory if you simply close it as normal. The way to defeat this is go into your app-name-Info.plist and add the "Application does not run in the background" key to the list. Then place a check in the checkbox. I would recommend that you do a full clean and build at this point after saving your project. Also, would recommend that if you are running in the simulator that you completely reset the simulator by choosing "iPhone Simulator" and then "Reset Content and Settings" from the application drop-down menu.

0
votes

I also faced the same problem and I solved it by using NSUserDefaults.

Please refer to this link.