NSURLConnection Return Cached Response Even After Resetting Authorization Heder

Question

So this is the use case.

1. Application Run, Authorization Header is set to nil. You get fresh data.

   [_request setValue:nil forHTTPHeaderField:@"Authorization"];

2. User login, After that all the requests to server are send with Authorization Header like this.

   [_request setValue:[NSString stringWithFormat:@"TRUEREST username=%@&session_token=%@&apikey=1234567890",@"username",@"session_token"] forHTTPHeaderField:@"Authorization"];

3. Now I log out and now every request goes with Authorization Header nil value.

   [_request setValue:nil forHTTPHeaderField:@"Authorization"];

But I am still getting response as if I am logged in user? Any idea what's the issue?

Request to the server is made using as follows

[NSURLConnection sendAsynchronousRequest:_request
                                           queue:[NSOperationQueue mainQueue]
                               completionHandler:^(NSURLResponse *response, NSData *data, NSError *error) {}];

I have tried to make NSMutableURLRequest in following 2 ways.

    _request = [NSMutableURLRequest requestWithURL:url];

    _request = [[NSMutableURLRequest alloc] initWithURL:url
                                                                cachePolicy:NSURLRequestReloadRevalidatingCacheData
                                                            timeoutInterval:60];

Answer 1

You might disable the use of cookies before you use the request:

[_request setHTTPShouldHandleCookies:NO];

Alternatively, delete any cookie - or the relevant cookie - form the NSHTTPCookieStorage singleton.

However, you could greatly improve your code using NSURLConnection implementing the delegate connection:willSendRequestForAuthenticationChallenge: where you are able to fully customize authentication handling.

Answer 2

Looks like a server problem. The server should send response header telling the URL loading system to not cache the response.