Persistency of `$http.withCredentials`?


#1

Recently I’ve noticed problems where some of my users complain about being logged out of the app for now reason. I have a hunch something is going wrong with the way I’m doing auth.

Currently, I’m using a Cookie-based auth by setting $http.defaults.withCredentials = true;, which seems to work just fine most of the time.

I’m trying to understand what could go wrong, and it seems that if for any reason the cookie-based credentials get wiped, users would be logged out.

To fully dig into this, I want to understand where is the XMLHttpRequest actually storing these credentails. AFAIK it is not in the actual cookies since hybrid apps are served locally and so don’t have cookies. On top of that, document.cookie is empty as well.

So where are these Credentials being stored?


#2

Came across a very strange case a week ago with something similar using Local Storage, and I wonder if cookies fall in the same category. We had users who were having data loss and getting logged out because when iOS reaches almost full storage, it actually will erase that stuff first to make room for other things. Kind of odd


#3

I was seeing the same problem, and thought it was localStorage getting wiped out, so I moved all of the on-device storage to a SQLite database (using Cordova SQlite plugin. I kept seeing the problem happening, so that’s when I started digging deeper and thinking about the way XMLHttpRequest is “storing” these credentials.

Were you able to come up with a solution?


#4

I’m facing the same problem. I’m using a session cookie that seemed to work fine, until now. When launching the app after a login, the cookie doesn’t existe anymore.

Did you guys find any solution?