
Webapp does not share cookies with Safari in iOS7

We use Safari to store authentication cookies for our webapp. The user will go to our site and authenticate themselves, then create a bookmark on their home screen. When starting the webapp from the home screen, the cookies that were saved in Safari are no longer accessible in iOS7. This causes the user to have to go through the authentication process again. This was working in iOS6 up until upgrading to iOS7.

iPhone, iOS 7

Posted on Sep 27, 2013 12:34 PM


Jan 31, 2014 8:01 AM in response to saint16888

I have the same problem. I'm going to try saving the cookie values in local storage, and restoring them if missing. Since the first hit to the server won't have the cookies, I will probably try to use a cached page (sort of a splash screen, with the app logo) to first check for and, if necessary, set the cookies, before forwarding to the actual page. I just have to figure out how to be able to get them to add the splash page to their home screen, instead of the final page... to do so, it may have to be all one page, which uses JavaScript to swap out the splash page DOM every time (but that's easy for me, because I just finished refactoring the app to work that way for other reasons).

Jan 31, 2014 11:36 AM in response to Resident Wizard

Well, that was silly, because obviously the local storage is going to be separate, too, and it makes sense that it would be.


A nice feature would be "installation storage" (distinct from localStorage and sessionStorage), to allow the installing page to communicate setup info to the web app (or, alternately, copy over the local storage at install time, and let the app do whatever it wants with it).


The only solution I can think of now for authentication is to encrypt the credentials, add them as a get parameter on the page to be installed, and use local storage to decide if that parameter should be used or ignored (if the credentials don't exist in local storage, get them from the get parameter).

Jan 31, 2014 11:55 AM in response to saint16888

?


They get to your page, I presume, by clicking a link, so you can structure the href in the link to include the encrypted credentials parameter you want to use. You have complete control over the URL that they are being told to add to their home screen. [If you wanted to, you could use javascript and a window.location change, but I'm not sure I see the point. You could also add this credential as a hashtag reference instead of a get parameter, either via javascript or not, but again, I'm not sure there's much point to that.]


For a very secure application, however, it's a little dangerous, because anyone else can use those same encrypted parameters on an installed iPhone app, as well as being able to look at your code to see how you decrypt them (unless you decrypt them only on the server side).


For my app, security is minimal and there's no risk, but this isn't a very good solution for a proper app.


A better option might be to create a one-use credential on the server side, and to add a reference to that as a parameter in the link to the iPhone web app page. When the iPhone app is installed and first run outside of Safari (window.navigator.standalone is true), then you can use the one-use credential parameter to look up the credentials, log the user in, and delete the one-use credential on the server side so it can never be used again.


Of course, your app will still require a way for the user to log back in somehow, but this would take care of a first time automatic log in, and further communication could get credentials from the server into the web app's local storage, for future automatic log in, if you feel secure in doing so.
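
The server side of the one-use credential described in the last reply, as an added example that is not code from the thread. The class and function names, the `t` query parameter, the 10-minute expiry and keeping only a SHA-256 hash of each token are assumptions made for this illustration.

```javascript
// Added example (Node.js): issue and redeem a one-use login token.
// All names here are hypothetical; the in-memory Map stands in for a database.
const crypto = require("node:crypto");

const TOKEN_TTL_MS = 10 * 60 * 1000; // assumption: token must be redeemed within 10 minutes

class OneUseTokenStore {
  constructor(now = () => Date.now()) {
    this.now = now;            // injectable clock so expiry can be tested
    this.pending = new Map();  // sha256(token) -> { userId, expiresAt }
  }

  // Hash before storing so a leaked store does not reveal usable tokens.
  static digest(token) {
    return crypto.createHash("sha256").update(token).digest("hex");
  }

  // Call while the user is authenticated in Safari. The returned value goes
  // into the URL the user is told to add to the home screen.
  issue(userId) {
    const token = crypto.randomBytes(32).toString("hex"); // 256 bits, unguessable
    this.pending.set(OneUseTokenStore.digest(token), {
      userId,
      expiresAt: this.now() + TOKEN_TTL_MS,
    });
    return token;
  }

  // Call on the first standalone launch (window.navigator.standalone is true).
  // Returns the userId to log in, or null if the token is unknown, used or expired.
  redeem(token) {
    if (typeof token !== "string" || token.length === 0) return null;
    const key = OneUseTokenStore.digest(token);
    const entry = this.pending.get(key);
    if (!entry) return null;
    this.pending.delete(key); // burn on first presentation, even if expired
    return this.now() <= entry.expiresAt ? entry.userId : null;
  }
}

// Build the link to be added to the home screen, carrying only the token reference.
function installUrl(base, token) {
  const url = new URL(base);
  url.searchParams.set("t", token);
  return url.toString();
}
```

After a successful `redeem`, the server would set its normal session cookie in the standalone web app's own cookie store; the token in the saved URL is then dead and can be ignored on later launches.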
