Cookies in iOS — Sharing Cookies -NSHTTPCookieStorage (Part 2)
This article is Part 2 of the Cookie Story in iOS.
Part 1 was more about basics of the Cookie and how a cookie can be created in iOS and stored in the cookie storage. But that did not cover sharing a cookie across different apps.
You can read that article here.
This part focuses largely on storing the cookie in the cookie storage and also sharing it across different apps for usage.
In this post, we will try to dive deep into the storage and sharing of the cookie across apps.
Hypothetical Use Case:
User signed into App A using Single Sign On (SSO) credentials (behind the scenes a SSO Cookie is obtained). Now user wants to access App B, which also gives user access to some of the SSO protected resources.
It would not be a great user experience to repeatedly ask for same credentials from the user. So for a better experience, we need to some how use the SSO Cookie obtained from App A in App B.
Sounds good !!!! Right? But How do we do that?
Once we reach the end of this article, we should be able to answer this and also be able to achieve that.
I shall try to explain the steps and concepts behind how to achieve this.
Concepts behind Sharing Cookies in iOS
As we discussed earlier in Part 1 of the series, a Cookie object of type NSHTTPCookie can be stored using “setCookie” method of NSHTTPCookieStorage class.
If you look at the NSHTTPCookieStorage class, it looks like below:
As you can see, NSHTTPCookieStorage has two things:
- a readonly property which is sharedHTTPCookieStorage — available on older iOS and macOS (before iOS 9 & OS X 10.11) as well.
- a class method sharedCookieStorageForGroupContainerIdentifier — available starting iOS 9 & macOS 10.11
We need to use one of the two ways as mentioned above to store a Cookie.
Since both methods contain sharedHTTPCookieStorage, one might think the cookie is shared by default. This causes some confusion (at least it did for me). Lets explore..
sharedHTTPCookieStorage
the first one, sharedHTTPCookieStorage is misleading at first, at least the name is. It sounds like a shared cookie storage but really it only shares cookies inside one single app i.e. each app has its own cookie storage and is not shared with any other app or not even with an app extension.
Refer the Apple documentation here
As you can see, only UIWebView instances in the app and the Network requests from the app can use this stored cookie and no one else. You can add the cookie to WKWebview as well by accessing the cookie store but thats about it. This storage is exclusive to the app and not really “Shared”
sharedCookieStorageForGroupContainerIdentifier
the second one, sharedCookieStorageForGroupContainerIdentifier is the actual guy who can do the job of sharing Cookies across apps for us. If you plan to share Cookies across apps or app extensions, you might want to use this or plan to use this as part of your design. (in future you can easily share across your apps without having to recompile the app)
So now that we understood the difference between the two methods, lets focus our attention on our guy, sharedCookieStorageForGroupContainerIdentifier to get the job done.
How to really share cookies across apps?
This method sharedCookieStorageForGroupContainerIdentifier accepts an argument, group container identifier of NSString / String type. Using the same group container identifier we can retrieve the Cookie in App B.
In other words, both apps need to know the group container identifier and pass that string to this method to access Cookies.
Lets take a closer look and I will explain about group container identifier in a bit.
Below is the code snippet on how to store a Cookie using the sharedCookieStorageForGroupContainerIdentifier: method
The group container identifier is very important. Even though it is NSString type, any random String would not work. It has to be a real proper group identifier that is created in the developer portal.
You can create an app group in the Identifiers Section->App Groups in Apple developer Portal.
Use the same String that is used in the developer portal as argument to the method sharedCookieStorageForGroupContainerIdentifier:
Then add the same thing in Xcode for all the apps that would share the Cookie like our App B.
Below is a screenshot of the Xcode, showing app group being added:
Retrieving Cookies in App B:
Once you store the Cookie in App A using the method sharedCookieStorageForGroupContainerIdentifier: and using the right group container identifier string, we should be able to access the same Cookie in another app, which also contains the same group identifier.
Below is a code snippet that can be used to access the Cookie:
Can Cookies be shared between any apps?
No. Cookies can be shared across apps that belong to the same App group and also contain the App group identifier inside Xcode capabilities. Apps should be part of the App Umbrella that your organization has.
In conclusion, you can really store and share cookies using the method sharedCookieStorageForGroupContainerIdentifier: and having the right app group identifier.This can lead to a good user experience and enables us to design better Apps. The documentation from Apple could have been better on this.
Please add your thoughts on the topic in responses. I look forward to learning from you guys as well.Thanks.
If you have not read Part 1 of the Cookie series please do. You can find it here
