WKWebView Persistent Storage of Cookies

haplo1384 picture haplo1384 · Sep 29, 2016 · Viewed 34.8k times · Source

I am using a WKWebView in my native iPhone application, on a website that allows login/registration, and stores the session information in cookies. I am trying to figure out how to persistently store the cookie information, so when the app restarts, the user still has their web session available.

I have 2 WKWebViews in the app, and they share a WKProcessPool. I start with a shared process pool:

WKProcessPool *processPool = [[WKProcessPool alloc] init];

Then for each WKWebView:

WKWebViewConfiguration *theConfiguration = [[WKWebViewConfiguration alloc] init]; 
theConfiguration.processPool = processPool; 
self.webView = [[WKWebView alloc] initWithFrame:frame configuration:theConfiguration];

When I log in using the first WKWebView, and then some time later pass the action to the 2nd WKWebView, the session is retained, so the cookies were successfully shared. However, when I relaunch the app, a new process pool is created and the session information is destroyed. Is there any way to get the session information to persist through an app restart?

Answer

Gero picture Gero · Oct 6, 2016

This is actually a tough one because there's a) some bug that's still not solved by Apple (I think) and b) depends on what cookies you want, I think.

I wasn't able to test this now, but I can give you some pointers:

  1. Getting cookies from NSHTTPCookieStorage.sharedHTTPCookieStorage(). This one seems buggy, apparently the cookies aren't immediately saved for NSHTTPCookieStorage to find them. People suggest to trigger a save by resetting the process pool, but I don't know whether that reliably works. You might want to try that out for yourself, though.
  2. The process pool is not really what saves the cookies (though it defines whether they are shared as you correctly stated). The documentation says that's WKWebsiteDataStore, so I'd look that up. At least getting the cookies from there using fetchDataRecordsOfTypes:completionHandler: might be possible (not sure how to set them, though, and I assume you can't just save the store in user defaults for the same reason as for the process pool).
  3. Should you manage to get the cookies you need (or rather their values), but not be able to restore them as I guess will be the case, look here (basically it shows how to simply prepare the httprequest with them already, relevant part: [request addValue:@"TeskCookieKey1=TeskCookieValue1;TeskCookieKey2=TeskCookieValue2;" forHTTPHeaderField:@"Cookie"]).
  4. If all else fails, check this. I know providing just link only answers is not good, but I can't copy all that and just want to add it for completeness sake.

One last thing in general: I said that your success might also depend on the type of cookie. That's because this answer states that cookies set by the server are not accessible via NSHTTPCookieStorage. I don't know whether that's relevant to you (but I guess it is, since you're probably looking for a session, i.e. server-set cookie, correct?) and I don't know whether this means that the other methods fail as well.

If all else fails, you might consider saving the users credentials somewhere (keychain, for example) and reuse them on the next app start to auth automatically. This might not restore all session data, but considering the user quit the app that's maybe actually desirable? Also perhaps certain values can be caught and saved for later use using an injected script, like mentioned here (obviously not for setting them at start, but maybe retrieve them at some point. You need to know how the site works then, of course).

I hope that could at least point you towards some new directions solving the issue. It's not as trivial as it should be, it seems (then again, session cookies are kind of a security relevant thing, so maybe hiding them away from the App is a conscious design choice by Apple...).