ASWebAuthenticationSession cookie

User1(Android) and User2(iOS) are logging into the mobile application. User1 successfully logs into the application. Later when user2 logs in, he sees User1's details. The request flows to the server in below structure: Mobile hybrid app (Cordova plugin, Temenos UXP) -> GTM -> LTM -> LBs ->DC1/2 server Is there any possibility that two sessions getting overlapped with user details (Local storage/Session storage getting mixed) ? Is there any possibility of data overlapping at the cookie/cache level ? User 1 (android) logs in and after few minutes user 2 (iOS) logs in, before user 2 (iOS) logs in, User 2 is able to see user 1 details. Is it somewhere needs to checked at OS/Web browser/Plugins/Dependencies other than session level ?

Environment details: MacbookPro, Ventura 13.0.1 XCode 14.1 I’m trying to use ASWebAuthenticationSession to implement OAuth2 for a MacOS application. When Chrome is my default browser, starting a session crashes the application. When either Firefox or Safari are the default browser, starting a session launches Safari with the login page. After logging in, instead of redirecting back to the application and invoking my session handler, a 404 page is displayed. Also displayed is a banner near the top of the window, containing an open button and instructions: “Open in the MyApp app”. Clicking the button redirects back to the app, and the OAuth received by the application:continueUserActivity:restorationHandler: method that I implemented in NSAppDelegate for Universal links. My session handler never receives the OAuth response or an error. Is there a solution or workaround for this? Thanks for any help.

Hi! I'm facing the following issue in different versions of Safari: When removing cookies via PHP on log out of an application I can see that the Safari Developer Tools > Storage > Cookies (of the website) removes the cookies from the list. So my user cookie is no longer there as expected, all good. However, if I run document.cookie on the console or document.cookie.includes('user') I can see the cookie listed there. I would expect the document.cookie to be updated with the Storage tab as it happens on the other browsers. Does anyone know why is this happening? Is there anything special that must be done for Safari to remove the cookie from there? This behaviour is consistent in versions v14, v15 and v16 of Safari. Thank you for your time. Regards, Borja.

I submitted my app for review for the third time and it was rejected for the third time. This is cited as the reason for rejection. But I don't want to disable user login because I'm sure this will cause some security problems. How can I overcome this problem. Guideline 5.1.1 - Legal - Privacy - Data Collection and Storage We noticed that your app requires users to register or log in to access features that are not account based. Apps may not require users to enter personal information to function, except when directly relevant to the core functionality of the app or required by law. For example, an e-commerce app should let users browse store offerings and other features that are not account based before being asked to register, or a restaurant app should allow users to explore the menu before placing an order. Registration must then only be required for account-specific features, such as saving items for future reference or placing an order. Next Steps To resolve this issue, please revise your app to let us

Hi everyone, I am trying to download Xcode from command line the following way: wget --certificate=certificate.pem --private-key=private-key.pem --server-response https://download.developer.apple.com/Developer_Tools/Xcode_13.3.1/Xcode_13.3.1.xip --no-check-certificate --load-cookies=cookies.txt I am getting the following error: HTTP request sent, awaiting response... 302 Moved Temporarily Location: https://developer.apple.com/unauthorized/ I have the certificate and private key from developer.apple.com and I am using them for authentication(correct me if I am wrong and they cannot be used for authentication). From several forums I found that the error regarding authorization could also be from cookies, so I got the cookies. Still the same error. I need the download of Xcode to be done from command line so that I can then automate the procedure using ansible playbooks (basically for the purpose of downloading and installing it on multiple mac machines.) Please, if the approach is ent

According to rfc-6265, The user agent will reject cookies unless the Domain attribute specifies a scope for the cookie that would include the origin server. but in iOS, I can save cookies even the Domain attribute is different to server. Below is my code for cookie in HTTPCookieStorage.shared.cookies ?? [] { HTTPCookieStorage.shared.deleteCookie(cookie) } let urlString = http://aa.bbb.net/bb/cc let cookie = HTTPCookie.cookies(withResponseHeaderFields: [Set-Cookie: key1=value1;Domain=baidu.com], for: URL(string: urlString)!) HTTPCookieStorage.shared.setCookie(cookie.first!) for cookie in HTTPCookieStorage.shared.cookies ?? [] { print(cookie) } let getCookie = HTTPCookieStorage.shared.cookies(for: URL(string: http://www.baidu.com/bb/cc)!) print(getCookie) In the above code, I can successfully get my cookie “key1=value1”，this should be wrong？What confuses me is how do I fix this？

Hi team, I'm troubleshooting some weird authentication issues within my website where I offer Signin with Apple option. Basically, after the user does Apple login, I have this script to update the location URI of the window opener back to my origin domain. But this line of the script is working correctly when login is launched in a browser such as Safari or Chrome, and it just got ignored when launched from a WebView within an application, and it can only be reproduced since iOS 15.5+. Here is some more context for comparison: Request from Safari: POST /callbackApple HTTP/1.1 Host: signin.example.com Content-Type: application/x-www-form-urlencoded Origin: https://appleid.apple.com Accept-Encoding: gzip, deflate, br Cookie: _ga=GA1.3.1679051778.1669664368; _gat=1; _gid=GA1.3.1808016405.1669664368; signin-cookie=5ce93a47904daa5e; _abck=F930E04300E8E8AB552C14541A40AD3C~0~YAAQmZTYF7CO3fCBAQAAZkOmHQha0qNYdbsfcZ4zEtwsjoRST+T+DNTMb5+E9uL8OvEL3YA0K0Tn7xS+OKoGPGib5rmpBOZVQq1+XoPEFJOij8Ao8mMKrvztGMN0H

I see 24 hours report completely broken and unreliable in AppStoreConnect Sales & Trends for more than a month. When I submit a complain, all they say is clear cookies and caches and restart the browser. Either the complain is not forwarded to engineering or engineering is not acknowledging the issue.

Safari looses session cookies, so after some time (15-30 minutes) I have to login again. This happens for all my synced tabs with iOS and happens even if I use only macOS. It’s very annoying because I have to login again in a lot of services, multiple times a day.