Webapp does not share cookies with Safari in iOS7

Any progress on this subject ?

We have the same issue.

Maybe this will be fixed in 7.1 ?

I have the same problem. I'm going to try saving the cookie values in local storage, and restoring them if missing. Since the first hit to the server won't have the cookies, I will probably try to use a cached page (sort of a splash screen, with the app logo) to first check for and and if necessary set the cookies, before forwarding to the actual page. I just have to figure out how to be able to get them to add the splash page to their home screen, instead of the final page... to do so, it may have to be all one page, which uses javascript to swap out the splash page DOM every time (but that's easy for me, because I just finished refactoring the app to work that way for other reasons).

Well, that was silly, because obviously the local storage is going to be separate, too, and it makes sense that it would be.

A nice feature would be "installation storage" (distinct from localStorage and sessionStorage), to allow the installing page to communicate setup info to the web app (or, alternately, copy over the local storage at install time, and let the app do whatever it wants with it).

The only solution I can think of now for authentication is to encrypt the credentials, add them as a get parameter on the page to be installed, and use local storage to decide if that parameter should be used or ignored (if the credentials don't exist in local storage, get them from the get parameter).

?

They get to your page, I presume, by clicking a link, so you can structure the href in the link to include the encrypted credentials parameter you want to use. You have complete control over the URL that they are being told to add to their home screen. [If you wanted to, you could use javascript and a window.location change, but I'm not sure I see the point. You could also add this credential as a hashtag reference instead of a get parameter, either via javascript or not, but again, I'm not sure there's much point to that.]

For a very secure application, however, it's a little dangerous, because anyone else can use those same encrypted parameters on an installed iphone app, as well as being able to look at your code to see how you decrypt them (unless you decrypt them only on the server side).

For my app, security is minimal and there's no risk, but this isn't a very good solution for a proper app.

A better option might be to create a one-use credential on the server side, and to add a reference to that as a parameter in the link to the iPhone web app page. When the iphone app is installed and first run outside of Safari (window.navigator.standalone is true), then you can use the one-use credential parameter to look up the credentials, log the user in, and delete the one-use credential on the server side so it can never be used again.

Of course, your app will still require a way for the user to log back in somehow, but this would take care of a first time automatic logi in, and further communication could get credentials from the server into the web app's local storage, for future automatic log in, if you feel secure in doing so.