10

I find Vimeo iOS native app can set cookies to mobile Safari. How does it do?

Repo steps:

1, Install Vimeo iOS native app on an iOS device.

2, Open this Vimeo iOS native app and then sign in with your Vimeo account.

3, Open mobile Safari and then open web page "https://vimeo.com/". You find you are not signed in Vimeo.

4, Open Vimeo iOS native app and then click on the "Help (question mark)" icon in the left navigation bar. You will see that Vimeo's web page help center is opened via UIWebView. And then you can close this help center.

5, Open mobile Safari and then open web page "https://vimeo.com/". You find you are signed in Vimeo.

Thank you.

weilou
  • 4,419
  • 10
  • 43
  • 56

3 Answers3

5

As shown in this question, you can set a cookie using the NSHTTPCookieStorage class.

EDIT:
As Kitsune pointed out, the docs state that this will not work between applications in iOS like it does in OSX.

I do not have time to test this right now, but perhaps you can set a cookie using javascript and the stringByEvaluatingJavaScriptFromString method of UIWebView and it will be shared? Here is a function that I found on the internet which could be called:

function SetCookie(cookieName,cookieValue,nDays) {
 var today = new Date();
 var expire = new Date();
 if (nDays==null || nDays==0) nDays=1;
 expire.setTime(today.getTime() + 3600000*24*nDays);
 document.cookie = cookieName+"="+escape(cookieValue)
                 + ";expires="+expire.toGMTString();
}
Community
  • 1
  • 1
lnafziger
  • 25,760
  • 8
  • 60
  • 101
  • 5
    According to `NSHTTPCookieStorage`'s documentation: _iOS Note: Cookies are not shared among applications in iOS._ – Kitsune Jan 13 '13 at 05:52
  • @Kitsune _Cookies are not shared among applications in iOS._ iOS native apps can set cookies to mobile Safari. But native apps can't get or delete cookies in mobile Safari. **Right?** – weilou Jan 13 '13 at 07:03
  • 1
    @weilou Unless that part of the documentation is just poorly worded (not impossible), all apps should be totally segregated, including setting cookies in Safari, when using that API (otherwise Safari would automatically include all cookies set using the sharedStorage in any app). With that said, I've no idea how Vimeo is doing what you describe... it's possible there's some other call that'd help (maybe even a private call they slipped through!) accomplish it. – Kitsune Jan 13 '13 at 07:44
3

It's possible that vimeo's native app is passing some kind of sign in token through the query string to the help page, which could immediately redirect you to a page with no signin token in the URL any more after setting a cookie. Since the cookie is set by the web server to the UIWebView (Safari), it's found when you use the Safari app.

That wouldn't require a supporting API in iOS...

Rob Fonseca-Ensor
  • 15,510
  • 44
  • 57
1

This obviously wouldn't have applied at the time of the OP's question, but more recently cookies were shared between Safari and SFSafariViewController instances in iOS 9 and 10. Vimeo could have set a cookie via an invisible SFSafariViewController to achieve this result. However, this has changed in iOS 11. Going forward, every app (including Safari itself) will have a completely sandboxed data store. Official announcement here (at the 17:28 mark).

In iOS 11, behavior like this will no longer be possible (in fact, preventing it was the featured example in Apple's announcement about this change).

If you need a way to pass a guaranteed user match through from Safari to your app, you'll need to use an existing network of device matches, such as Branch.io (full disclosure: I'm on the Branch team). You can read about the techniques Branch uses instead of cookie passthrough here.

Alex Bauer
  • 13,147
  • 1
  • 27
  • 44