55

As the title implies, I am using AFNetworking in an iOS project in which the application talks to a server. When the user signs in, the server responds by sending back a success flag and the response headers contain the session ID.

I am wondering if AFNetworking automatically sends the session ID with every subsequent request or should I take care of this myself in some way?

For your information, I have no control over the back-end in terms of how requests are authenticated. I am only building a client that talks to the server.

Bart Jacobs
  • 9,022
  • 7
  • 47
  • 88

2 Answers2

116

Yes, your session ID should be sent automatically once you are logged in, as long as the cookie does not expire before the next request is sent (important detail to be sure of). NSURLConnection, which AFNetworking uses, takes care of the details for this for you.

On the backend AFNetworking is using NSURLConnection which in turn automatically updates NSHTTPCookieStorage to store the session. You can manipulate or delete the cookies as you see fit by messing with the cookie storage.

Like if you wanted to appear to the service as not logged in, you could just delete the session cookie associated to that domain. Some services I have worked with will error if you are already logged in and attempt to login again. Additionally there was no way to check login status. Quick fix, get the cookies from URL and delete them :

NSArray *cookies = [[NSHTTPCookieStorage sharedHTTPCookieStorage] cookiesForURL: networkServerAddress];
for (NSHTTPCookie *cookie in cookies) 
{
    [[NSHTTPCookieStorage sharedHTTPCookieStorage] deleteCookie:cookie];
}

From the developer himself

Community
  • 1
  • 1
Michael Boselowitz
  • 3,012
  • 1
  • 19
  • 22
  • If you down vote please leave a response as to why my answer is incorrect. – Michael Boselowitz Jun 14 '12 at 22:57
  • This was my impression as well and this clarifies some aspects of how AFNetworking and NSURLConnection work. Thanks for your answer. – Bart Jacobs Jun 15 '12 at 03:54
  • @MichaelBoselowitz I was facing issue by setting explicitly setting cookies. But, after I read your answer I removed cookies that I sat explicitly. Now its work like a charm :D Thanks. – MilanPanchal Aug 13 '14 at 11:23
4

This depends on the specification given by the service you are interacting with. I have worked with similar services and they have explicitly stated in their documentation that, In order to maintain the session valid I must poll the service at every few seconds by sending int "1".

However, If possible could please post the service name or any reference which we can read. If it is any company's private API then they must have described the use of the session id which they are returning.

Underlying technologies will take care of it, However if you want to persist those cookies then this answer for other question.

Persisting Cookies In An iOS Application?

Community
  • 1
  • 1
TeaCupApp
  • 11,316
  • 18
  • 70
  • 150
  • Thank you for your answer. It is indeed a private API and it is session based. My question really is how sessions are managed by AFNetworking or by iOS itself. If I receive a cookie with a session id, is it automatically sent with every subsequent request until the session expires? It is questions like this that I would like to know the answer of. – Bart Jacobs Jun 14 '12 at 18:28
  • Hey Bart, I just updated my answer. It turns out yes the cookie handling is done by underlying technologies and we don't have to worry about it. – TeaCupApp Jun 14 '12 at 23:00
  • What the hell? Downvoters write down why you think this is a wrong answer? – TeaCupApp Jun 14 '12 at 23:02
  • @Owl yeah, I would like to know why I got downvoted as well right now. I do not see anything wrong with my answer. – Michael Boselowitz Jun 14 '12 at 23:06
  • @Owl, I appreciate your answer and did not down vote your answer. – Bart Jacobs Jun 15 '12 at 03:52
  • @Owl, I came across that post as well a few days ago. Unfortunately, I can only award the bounty to one answer. Thanks very much for your answer. Much appreciated. – Bart Jacobs Jun 15 '12 at 03:55
  • mjb162's answer is more in-depth it deserves a bounty :) – TeaCupApp Jun 15 '12 at 03:56
  • 1
    How would one detect that a Session has expired client-side? What callback should we expect? Or is it just a matter of checking to see if the request (with that session id) succeeded or not? – Cole Dec 20 '12 at 16:11
  • +1 for the link... thanks for the explanation.. Can someone answer Cole's question. I am looking for the same. – Anshul Aug 09 '13 at 07:20
  • I'm not sure, but whenever you look at a cookie, there's usually an "expires= some date" as part of that, for instance: "Set-Cookie: ci_session=a%3A5%3A%7Bs%3A10%3A%22session_id%22%3Bs%3A32%3A%22d87d6553bc7356d8977a082713f25bc5%22%3Bs%3A10%3A%22ip_add....; expires=Fri, 25-Apr-2014 18:53:53 GMT; path=/". If you want to see if you are logged out of the server, you can ping a protected resource and look at the response code. – evliu Apr 25 '14 at 17:04