Dear experts,
We have an hybrid application built with cordova for both iOS and Android platforms. The app was successfully running until the devices were upgraded(from iOS 9) to latest.
We perform login to backend server using normal ajax call and in the response the Cookie is read and send in subsequent requests.
We are using Set-Cookie to achieve SSO, though we can see Set-Cookie in repsonse headers via debug, When I try jqHR.getAllResponseHeaders() method all the values except 'Set-Cookie' can be seen in console.
Code snippet to perform login and utilize cookie received in response is as below.
jQuery.ajax({
headers : {
"X-Requested-With" : "XMLHttpRequest",
"Content-Type" : "application/json",
"DataServiceVersion" : "2.0",
"X-CSRF-Token" : "Fetch",
"Authorization" : "Basic "+ Base64.encode(username+":"+password),
"Access-Control-Allow-Credentials": "include"
},
type : "GET",
url : util.Models.serviceURL,
timeout : 60000,
dataType : "json",
success : function(data,textStatus, jqXHR) {
//Set Cookie from response for further requests. Required for POST requests.- important do not comment
if(jqXHR.getResponseHeader('Set-Cookie')) {
var cookie = jqXHR.getResponseHeader('Set-Cookie');
setCookie("MYSAPSSO2",cookie,30);
}
}
});Below are the Request and response headers:
As ‘set-cookie’ value is restricted , we are unable to achieve SSO.
Solutions tried:
- Added “Access-Control-Allow-Credentials” and few more headers
- Installed cookieMaster plugin
- Modified jqXHR request to XMLHttpRequest
P.S: Application is working fine in android, iOS<10.