I'm trying to find out if it's safe to use cookies for authentication on my hybrid iOS app.
Cookies get set by this code snippet (from the capacitor project).
public func setCookie(_ url: URL, _ key: String, _ value: String, _ expires: String?, _ path: String?) {
let jar = HTTPCookieStorage.shared
let field = ["Set-Cookie": "\(key)=\(value); expires=\(expires ?? ""); path=\(path ?? "/")"]
let cookies = HTTPCookie.cookies(withResponseHeaderFields: field, for: url)
jar.setCookies(cookies, for: url, mainDocumentURL: nil)
syncCookiesToWebView()
}
Is there any mechanism in iOS which will remove cookies from the HTTPCookieStorage before the cookie expires? Or is there some kind of max life time?