0

I'm currently working on a web view that takes a js plugin via .evaluateJavaScript(). The js script will read a cookie and send it along with requests to a url that is different from the url of the web view for account authentication. I have this cookie in the URLSession.shared.configuration.httpCookieStorage, and initialized the webView with the default init() without passing any parameters. However, upon injecting the js, the required cookies does not appear in the webpage's storage. I tried to do an output of the webView.configuration.websiteDataStore.httpCookieStore.getAllCookies(), and the result shows the specific cookie is there. Hence I'm confused about it. Anyone could help me with that would be greatly appreciated.

Gefei Shen
  • 1
  • 1
  • If that's a secure cookie in `WKWebView` nomenclature i.e `HttpCookie`, it's by design not readable on client side. See https://stackoverflow.com/q/8064318/5329717 – Kamil.S Apr 01 '22 at 13:57
  • @Kamil.S, it is a HTTPOnly cookie. The js script needs to include the token in network requests so that the server can authenticate the user's identity. I'm unsure if that counts as "read"? – Gefei Shen Apr 01 '22 at 22:56
  • If that's the same server that you load into `WKWebView` as a request it will get the cookie in http header, you don't have to do anything with it. But no processing of the secure `HTTPOnly` cookie is possible on client side using js, unless the server echoes it back somehow. – Kamil.S Apr 02 '22 at 08:02
  • @Kamil.S Unfortunately that is the different server I load into 'WKWebView', the js was from a chrome plugin I've been working on. But after reading your comment, I tried to let my 'WKWebView' to load the same server, and the cookie did not get loaded. So I'm assuming something else is wrong here. – Gefei Shen Apr 03 '22 at 05:33
  • I think you might have a misconception. Processing server side has nothing to do with js running on client side accessing the cookie as presumably you attempted trying. That's even if the receiving end of the server would the page loaded into wkwebview. There's no way to access secure `HTTPOnly` cookie using js. – Kamil.S Apr 03 '22 at 08:48
  • @Kamil.S Thank you so much for the clarification, I will try to redesign the system. – Gefei Shen Apr 04 '22 at 22:00

0 Answers0