Secure cookies are lost when the Cordova iOS App is closed

Question

I am using Cordova (PhoneGap) and cordova-plugin-ionic-webview to use the fine tuned Ionic Engine (that uses WKWebview).

I am able to use secure and httponly Auth Cookies in order to Log In and everything works while I'm using the iOS App. When I close the App though the cookies are lost.

How can I prevent this?

This issue is not there on Android (and the localStorage correctly keeps its state on both platforms).

Still unsolved issue on their Github: https://github.com/ionic-team/cordova-plugin-ionic-webview/issues/87

Answer 1

I think by default it now seems to install WKWebView on ionic or cordova projects, at least in my case anyway (it appears as a plugin in the plugins folder). So I uninstall the plugin and added this line into my config.xml:

<preference name="CordovaWebViewEngine" value="CDVUIWebViewEngine" />

I then set this globally for my HTTP provider:

$httpProvider.defaults.withCredentials = true;

or this can be done this way for each HTTP requests you have:

$http.post(url, {withCredentials: true, ...})

I then set this on my .php/server files:

header("Access-Control-Allow-Origin: http://localhost:8100"); // make sure this is the same on the client side
header("Access-Control-Allow-Headers: content-type,authorization");
header("Access-Control-Allow-Credentials: true");

The fixes mentioned above allows me to keep the same cookies/session throughout each page/requests in my application.

I hope this helps.

Edit:

From what I could find when I was having this issue, there was no way of persisting the cookies/session using WKWebView as Apple has not added a fix (I could be completely wrong, it's just what I found at that point. I think you either had to revert back to UIWebView or use a different method entirely.