3

I am connecting to a server using NSURLConnection. The server asks for basic authentication, for which I am using the delegate method -didReceiveAuthenticationChallenge:. But this gets called only once. If I change the password to some different value, then this delegate method does not get called and it takes my login as successful?

Any kind of help will be appreciated.

Thanks.

rptwsthi
SoftProdigy

4 Answers

6

Solved!

It turns out that NSURLConnection was actually behaving correctly - that is, didReceiveAuthenticationChallenge: was being called for every authentication challenge.

The problem was that the server was not sending challenges after the first one. This turned out to be because the server was setting a cookie.

You can force a new challenge by simply deleting the cookie. Because there are no other useful cookies for this server, I just delete all of them:

- (void)clearCookiesForURL {
    NSHTTPCookieStorage *cookieStorage = [NSHTTPCookieStorage sharedHTTPCookieStorage];
    NSArray *cookies = [cookieStorage cookiesForURL:_URL];
    for (NSHTTPCookie *cookie in cookies) {
        NSLog(@"Deleting cookie for domain: %@", [cookie domain]);
        [cookieStorage deleteCookie:cookie];
    }
}
Ben Challenor
1

You have to do the following steps to close the session completely.

  1. Remove all cookies
  2. Remove all credentials
  3. NSURLCredentialPersistence should be NSURLCredentialPersistenceNone
Erwin
tmatsugaki
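The three steps listed in the answer above, combined into one delegate class, as an added example that is not part of the original answer. `SessionResetter`, its `username`/`password` properties and `resetSessionForURL:` are assumed names; the Foundation calls are the ones the page already refers to.

```objc
#import <Foundation/Foundation.h>

// Added example; SessionResetter and its members are hypothetical names.
@interface SessionResetter : NSObject <NSURLConnectionDelegate>
@property (nonatomic, copy) NSString *username;
@property (nonatomic, copy) NSString *password;
- (void)resetSessionForURL:(NSURL *)url;
@end

@implementation SessionResetter

- (void)resetSessionForURL:(NSURL *)url {
    // Step 1: delete the cookies the server set for this URL.
    NSHTTPCookieStorage *cookies = [NSHTTPCookieStorage sharedHTTPCookieStorage];
    for (NSHTTPCookie *cookie in [cookies cookiesForURL:url]) {
        [cookies deleteCookie:cookie];
    }

    // Step 2: remove stored credentials for protection spaces on this host.
    NSURLCredentialStorage *store = [NSURLCredentialStorage sharedCredentialStorage];
    NSDictionary *snapshot = [store allCredentials]; // space -> (user -> credential)
    for (NSURLProtectionSpace *space in snapshot) {
        if (![[space host] isEqualToString:[url host]]) continue;
        NSDictionary *byUser = snapshot[space];
        for (NSString *user in byUser) {
            [store removeCredential:byUser[user] forProtectionSpace:space];
        }
    }
}

// Step 3: answer each challenge with a credential that is never persisted.
- (void)connection:(NSURLConnection *)connection
didReceiveAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge {
    if ([challenge previousFailureCount] > 0) {
        // The server rejected what we sent: stop instead of retrying.
        [[challenge sender] cancelAuthenticationChallenge:challenge];
        return;
    }
    NSURLCredential *credential =
        [NSURLCredential credentialWithUser:self.username
                                   password:self.password
                                persistence:NSURLCredentialPersistenceNone];
    [[challenge sender] useCredential:credential
           forAuthenticationChallenge:challenge];
}

@end
```

Call `resetSessionForURL:` before starting the next connection. It leaves the TLS session cache described in another answer on this page untouched.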
1

Unfortunately, there is currently no easy way of doing what you asked for:

Apple informative explanation: TLS Session Cache

Open Radar bug request: No way to clear TLS Cache with NSURLConnection

HyBRiD
0

NSURLConnection will cache credentials. Here is an approach to find and erase specific credentials (so you are challenged again):

Is it possible to prevent an NSURLRequest from caching data or remove cached data following a request?

Hope that works for you, Steve

Community
Steve N
  • [[NSURLCredentialStorage sharedCredentialStorage] allCredentials] is empty for me, so there's nothing to remove. – Ben Challenor Jun 27 '11 at 12:11
  • If I use NSURLCredentialPersistenceForSession instead of NSURLCredentialPersistenceNone they are added to the allCredentials dictionary, but manually removing them doesn't seem to help. – Ben Challenor Jun 27 '11 at 12:47