9

For an iOS 8 app I want to use a WKWebView for a custom authentication ViewController that I'm building. However, I can't seem to figure out how to clear the stored cookies for the WKWebView. Is it not possible at all, right now?

I don't have control over the server side, and the service is sending what looks like a permanent (or at least a long lived) cookie when the user logs in successfully. The problem is, if the user wants to change their login, then it becomes impossible, because even if the user logs out and presses login again, then the server automatically redirects using the stored cookies and logs them back again.

Open to ideas and suggestions, thanks!

In UIWebView it was simple to clear stored cookies, all you had to do was this:

NSHTTPCookieStorage *storage = [NSHTTPCookieStorage sharedHTTPCookieStorage];
for (NSHTTPCookie *cookie in [storage cookies])
{
    [storage deleteCookie:cookie];
}

But, the WKWebView does not seem to use the NSHTTPCookieStorage because I've already tried to do this before loading the request in the WKWebView! :(

Dhiraj Gupta
  • 9,704
  • 8
  • 49
  • 54
  • I just asked the same question on the iOS/Web Technologies forum! Same issue - want to test, only workaround is to wipe the Simulator after every test. I discovered the none-use of NSHTTPCookieStorage last summer. Not sure if you can see deleted answers, someone posted then deleted an answer where they proposed using Javascript to wipe the cookies. I'm going to try that and if it works I'll update this thread. – David H Nov 06 '14 at 14:23
  • I tried and tried to remove (expire) all the cookies with the JavaScript injection, never could get it to work. – David H Nov 06 '14 at 20:38
  • 1
    I'm using a wkwebview and your code worked for me. it's possible they added NSHTTPCookies to wkwebview. I did convert it to swift first, but that shouldn't make a difference. – jackreichert Mar 14 '15 at 19:16

3 Answers3

5

The answer was provided to me on the internal Apple forums: use a mutable NSURLRequest, and set HTTPShouldHandleCookies to NO:

let req: NSMutableURLRequest = NSMutableURLRequest(URL:openURL)
req.HTTPShouldHandleCookies = false
webView.loadRequest(req)

No cookies sent to the web site, so you get the login screen (for testing) every time.

David H
  • 40,852
  • 12
  • 92
  • 138
  • It looks likes this disables cookies, entirely! When I use set `request.HTTPShouldHandleCookies = NO;` The service in question detects this, post successful login and does not give the token. It instead gives an error saying: "This page could not be loaded. If you have cookies disabled in your browser, or you are browsing in Private Mode, please try enabling cookies or turning off Private Mode, and then retrying your action." – Dhiraj Gupta Nov 07 '14 at 08:08
  • @DhirajGupta You can also set the cookie string in the request, if you can figure out what to send. – David H Nov 07 '14 at 13:10
5

It seems like NSHTTPCookieStorage is now being used in iOS 8.2 to correctly clear cookies, as required. I had shipped an app which would run this code prior to opening a WKWebView based login:

NSHTTPCookieStorage *storage = [NSHTTPCookieStorage sharedHTTPCookieStorage];
for (NSHTTPCookie *cookie in [storage cookies])
{
    [storage deleteCookie:cookie];
}

Where earlier than iOS 8.2 the website would auto-login using the saved cookies, it now correctly asks the user to re-login. All this happened without me shipping an update to the app. :)

Thanks for the heads-up @jackreichert !

Dhiraj Gupta
  • 9,704
  • 8
  • 49
  • 54
0

Although removal of cookies are sufficient for common use-cases, there are far too many different ways of storing data in webview for example local database, session storage, SQL data storage etc.

This one-liner should do the trick by removing all of this data:

WKWebsiteDataStore.default().removeData(ofTypes: WKWebsiteDataStore.allWebsiteDataTypes(), modifiedSince: Date(timeIntervalSince1970: 0), completionHandler: {})
atulkhatri
  • 10,896
  • 3
  • 53
  • 89