cordova-plugin-ionic-webview icon indicating copy to clipboard operation
cordova-plugin-ionic-webview copied to clipboard

Published 20 hours ago verified publisher icon ionic-team

Cookies with maxAge Set Do Not Persist

Open doverdb12 opened this issue 6 years ago • 7 comments

I am attempting to use an httpOnly cookie with the maxAge property set in order to persist a session even when the app is restarted. I'm finding that the cookie disappears on app closure. Most posted fixes for this out there recommend the use of localStorage, which is definitely a bad idea for an auth cookie. I am not having this issue in Android, so I suspect it's WKWebView that's the issue.

doverdb12 avatar Apr 02 '18 21:04 doverdb12

Same here, using this plugin cookies works fine on Android but not on iOS.

williamhilldevs avatar Feb 02 '19 08:02 williamhilldevs

@gabriele-bjss Have you found a solution?

allanevargas avatar Feb 07 '19 16:02 allanevargas

@aecvargas nope. I installed this plugin in my Cordova project and (any type of) cookies are correctly set only once every 10 or 20 times. I had to revert to the default (and much slower) UIWebView in order to unblock development. I had the same issue using the non-ionic solution for WKWebView. Soon I will prepare a simple POC with a basic demo app so that contributors may be able to debug the issue.

williamhilldevs avatar Feb 09 '19 15:02 williamhilldevs

@gabriele-bjss How did you revert to UIWebView? When I installed the ios platform via cordova/ionic commands, by default it installed WKWebView.

allanevargas avatar Feb 11 '19 09:02 allanevargas

I use Cordova not Ionic. I eventually managed to make authentication cookies work (it was likely a backend issue). Cookies though still do not persist after closing the App so I have the same issue.

@doverdb @aecvargas did you eventually solve this?

( Also raised on stackoverflow )

gabriele-sacchi avatar May 15 '19 20:05 gabriele-sacchi

@gabriele-sacchi

Hi,

Yes, I did. I'll try and accurately recall how I solved it.

I think by default it now seems to install WKWebView on ionic or cordova projects, at least in my case anyway (it appears as a plugin in the plugins folder). So I uninstall the plugin and added this line into my config.xml:

<preference name="CordovaWebViewEngine" value="CDVUIWebViewEngine" />

I then set this globally for my HTTP provider:

$httpProvider.defaults.withCredentials = true;

or this can be done this way for each HTTP requests you have:

$http.post(url, {withCredentials: true, ...})

I then set this on my .php/server files:

header("Access-Control-Allow-Origin: http://localhost:8100"); // make sure this is the same on the client side
header("Access-Control-Allow-Headers: content-type,authorization");
header("Access-Control-Allow-Credentials: true");

The fixes mentioned above allows me to keep the same cookies/session throughout each page/requests in my application.

I hope this helps.

Edit: From what I could find when I was having this issue, there was no way of persisting the cookies/session using WKWebView as Apple has not added a fix (I could be completely wrong, it's just what I found at that point. I think you either had to revert back to UIWebView or use a different method entirely.

allanevargas avatar May 16 '19 13:05 allanevargas

@gabriele-sacchi Did you find solution to your problem? In my case, both android and ios are not persisting the cookies. In every next http request, a new session cookie is added. And not all the cookies are maintained except session cookie (which is also changing on every request).

I would be grateful if anyone else in this issue, can help me find solution.

razam217 avatar May 12 '20 09:05 razam217