sharing-cookies | Demo app for blog post | iOS library
kandi X-RAY | sharing-cookies Summary
kandi X-RAY | sharing-cookies Summary
This code is a demo of sharing applications "login sessions" across servers. writer is our "auth" server (just sets a cookie) and reader is our "application server" (reads that cookie, bars non-logged-in users from access). This demo follows a blog post here:
Support
Quality
Security
License
Reuse
Top functions reviewed by kandi - BETA
Currently covering the most popular Java, JavaScript and Python libraries. See a Sample of sharing-cookies
sharing-cookies Key Features
sharing-cookies Examples and Code Snippets
Community Discussions
Trending Discussions on sharing-cookies
QUESTION
tl;dr; see the question below
In my app, I have a login that uses SFSafariViewController and ASWebAuthenticationSession that follows the OAuth 2.0 flow (Using the AppAuth library).
The login works and the cookies are shared with Safari as expected. Thanks to the cookie sharing, users are automatically logged-in if they use the Safari app.
However, back in the app, if I launch a SFSafariViewController again, the cookies are missing. This surprises me, because I thought the cookie Store is the same for SFSafariViewController and Safari, and it clearly worked in the direction from SFSafariVC to the Safari app during login. Is it intended not to work the other way round - from Safari to SFSafariViewController, or is it a bug?
I have not found clear statements in the documentation. Of course I have not set ephemeral session to true, but according to the documentation it would do the opposite of what I want to achieve:
I've also found somehow related radars like http://www.openradar.me/33323462 and http://www.openradar.me/radar?id=5036182937272320 or this stackoverflow post: Why is SFSafariWebViewController not sharing cookies with Safari properly? but they do not answer my question.
According to this comment it could work if the cookies have an expiry date (set to a future date). I verified the cookies - they all have a future expiry date.
My question: Am I doing something wrong, or is this expected behaviour, that SFSafariViewController does not get cookies from an earlier SFSafariViewController instance in the same app or from Safari?
...ANSWER
Answered 2020-Jul-21 at 21:36REQUIREMENTS
So it seems you want a solution to invoke secured web content from a mobile app, and to avoid an extra login. It is a common requirement and I will be adding some stuff to my blog on this topic over the next month or so.
STATE OF THE INDUSTRY
The problem with the above is that third party cookies, such as those issued by Identity Providers, are often dropped by default these days due to browser security initiatives such as Intelligent Tracking Prevention changes - which is ON by default in Safari:
COOKIE PROPERTIES
Worth checking that your cookies are issued with SameSite=None, which will give you the best options for a third party cookie based solution.
MOBILE FIRST DESIGNS
In an OAuth world, in order to meet the requirements, it is likely to be necessary to send a token from the mobile UI to the web UI, which of course has prerequisites that need to be designed for:
- Web UI must use tokens
- Web UI must use different strategies for token handling depending on the host
OPTION 1
One option is to use a mobile web view to show the web content - see my code below:
OPTION 2
Another option is to send something representing the token in a query string parameter from the mobile app to the Web UI, in which case you need to ensure that:
- No usable tokens are recorded in web server logs
- The token has a one time use only
A typical implementation would look like this:
- Mobile UI calls an /api/token/encrypt endpoint
- API stores a token hash in a database and returns an encrypted value with a short time to live
- Token is sent from the Mobile App to the Web UI
- Web UI calls an /api/token/decrypt endpoint to get the real token
- The API's decrypt implementation deletes the database entry
QUESTION
I am trying to share the authentication cookie between three web applications set up under single website in IIS. The first two are both .NET Core 2.1 applications and Im struggling to even get them to share it. My problem is the same as
Sharing Cookies Between Two ASP.NET Core Applications
but I cant get it to work in my environment. I have read "Sharing cookies among apps with ASP.NET and ASP.NET Core." and downloaded the "Cookie Sharing App Sample" and got it working (as the third app is ASP.NET) and now my code in StartUp.cs looks like this in both the 2 .NET Core applications
...ANSWER
Answered 2018-Aug-18 at 22:16Try setting the cookie path value as below. By default it'll be restricted to App1 or App2 (my experience).
Community Discussions, Code Snippets contain sources that include Stack Exchange Network
Vulnerabilities
No vulnerabilities reported
Install sharing-cookies
Support
Reuse Trending Solutions
Find, review, and download reusable Libraries, Code Snippets, Cloud APIs from over 650 million Knowledge Items
Find more librariesStay Updated
Subscribe to our newsletter for trending solutions and developer bootcamps
Share this Page