Open
Labels: bug, needs triage (this issue hasn't been reviewed by maintainers)
Description
I have searched and made sure there are no existing issues for the issue I am filing
- I have searched the existing issues
Description
incorrect webview cookie management
Expected Behavior
- removeAllHTTPCookies / removeHTTPCookiesForDomain / removeHTTPCookie should delete the cookie
- only one cookie with the same domain/path/name (RFC 6265 5.3.11 https://datatracker.ietf.org/doc/html/rfc6265#section-5.3)
Actual behavior
- can't clear the webview cookies in any way
- when the server sends a delete cookie header (`Set-Cookie: test=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0`), the cookie remains active and a new one with the same domain/path/name is stored and sent to the web server in the following requests
Reproducible sample
app.js
```js
const domain = "carlo.tnx.it";
const page = "https://" + domain + "/set_cookie.php";
const window = Ti.UI.createWindow({
    layout: 'vertical'
});
var wv;

// Opens the test page in a fresh WebView.
const b3 = Ti.UI.createButton({
    top: 50,
    height: 50,
    title: "open " + page
});
b3.addEventListener('click', () => {
    if (wv) window.remove(wv); // tried to completely remove the instance
    wv = Ti.UI.createWebView({
        height: 600
    });
    window.add(wv);
    wv.url = page;
});
window.add(b3);

// Shows the cookies the native cookie store reports for the domain.
const b1 = Ti.UI.createButton({
    height: 50,
    title: "getHTTPCookiesForDomain(" + domain + ")"
});
b1.addEventListener('click', () => {
    var debug = '';
    const a = Titanium.Network.getHTTPCookiesForDomain(domain);
    for (var i in a) debug += "domain: " + a[i].domain + "\npath: " + a[i].path + "\nname: " + a[i].name + "\nvalue: " + a[i].value + "\n\n";
    alert(debug);
});
window.add(b1);

// Three different ways of clearing the cookies.
const b2 = Ti.UI.createButton({
    height: 50,
    title: "removeAllHTTPCookies"
});
b2.addEventListener('click', () => Titanium.Network.removeAllHTTPCookies());
window.add(b2);

const b5 = Ti.UI.createButton({
    height: 50,
    title: "removeHTTPCookiesForDomain(" + domain + ")"
});
b5.addEventListener('click', () => Titanium.Network.removeHTTPCookiesForDomain(domain));
window.add(b5);

const b4 = Ti.UI.createButton({
    height: 50,
    title: "removeHTTPCookie cicle"
});
b4.addEventListener('click', () => {
    // Remove every cookie reported for the domain, one at a time.
    const a = Titanium.Network.getHTTPCookiesForDomain(domain);
    for (var i in a) Titanium.Network.removeHTTPCookie(a[i].domain, a[i].path, a[i].name);
});
window.add(b4);

window.open();
```
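set_cookie.php
```php
<?php
// Test page: echoes the request headers, sets or deletes the "test" cookie,
// then echoes the response headers.
// setcookie() is called after output has started, so this relies on
// output buffering being enabled.
$requestHeaders = getallheaders();
echo '<div style="font-size:200%">';
echo '<b>HTTP request headers:</b><br />';
foreach ($requestHeaders as $key => $val) {
    // Highlight the Cookie header; escape it, since headers are client-controlled.
    if ($key == "Cookie") echo "<span style='color:red'>";
    echo htmlspecialchars($key . ': ' . $val);
    if ($key == "Cookie") echo "</span>";
    echo "<br />";
}
// Send the cookie when the client has none, or when ?forceResend=1 is given.
if (empty($_COOKIE['test']) || !empty($_GET['forceResend'])) {
    // date() replaces strftime(), which is deprecated since PHP 8.1; same output.
    setcookie("test", "cookie sent at " . date("H-i-s") . " on " . date("Y-m-d"), time() + 365 * 86400);
    echo "<br /><br /><b>COOKIE HEADER SENT</b>";
} else {
    echo "<br /><br /><b>COOKIE HEADER RECEIVED</b>";
}
// ?delete=1: expire the cookie (empty value, expiry in the past).
if (!empty($_GET['delete'])) {
    setcookie("test", "", time() - 365 * 86400);
    echo "<br /><br /><b>DELETE HEADER SENT</b>";
}
$self = htmlspecialchars($_SERVER['SCRIPT_NAME'], ENT_QUOTES);
echo "<br /><br /><a href='" . $self . "?forceResend=1'>resend</a>";
echo "<br /><br /><a href='" . $self . "?delete=1'>send delete header</a>";
$responseHeaders = headers_list();
if ($responseHeaders) {
    echo '<br /><br /><b>HTTP response headers:</b><br />';
    foreach ($responseHeaders as $val) {
        // Highlight the Set-Cookie response headers.
        if (strpos($val, "Set-Cookie") === 0) echo "<span style='color:red'>";
        echo htmlspecialchars($val);
        if (strpos($val, "Set-Cookie") === 0) echo "</span>";
        echo "<br />";
    }
}
echo "</div>";
```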
Steps to reproduce
- visit the webpage (button 1)
- check the cookie stored (button 2)
- try to delete the cookie (button 3 or 4 or 5)
- check again the cookie stored (button 2), it seems to be deleted
- visit again the webpage (button 1), original cookie still there (problem 1)
- try force delete from the server by clicking "send delete header" link in the webpage
- visit again the webpage (button 1), two identical cookies are sent (problem 2)
Platform
iOS
SDK version you are using
13.0.0.GA
Alloy version you are using
No response
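
The expected behavior listed in this issue (one stored cookie per domain/path/name, and removal when the server sends an expired `Set-Cookie`) can be modelled as follows. This is an added example, not part of the original issue and not Titanium SDK code; `CookieJar` and `duplicateCookieNames` are hypothetical names, and the jar assumes a default path of `/` and skips domain-match checks.

```javascript
// Added example: a minimal model of the RFC 6265 section 5.3 storage rules.
// Simplifications (assumptions): default path is "/", no domain-match or
// public-suffix checks, no Secure/HttpOnly handling.
class CookieJar {
  constructor() { this.store = new Map(); } // key: domain|path|name

  // Apply one Set-Cookie header received from `host` at time `now` (ms).
  setCookie(header, host, now = Date.now()) {
    const [pair, ...attrs] = header.split(';').map((s) => s.trim());
    const eq = pair.indexOf('=');
    if (eq < 1) return; // no cookie name: ignore the header
    const c = { name: pair.slice(0, eq), value: pair.slice(eq + 1),
      domain: host.toLowerCase(), path: '/', expires: Infinity };
    let maxAge = null;
    for (const attr of attrs) {
      const i = attr.indexOf('=');
      const k = (i < 0 ? attr : attr.slice(0, i)).trim().toLowerCase();
      const v = i < 0 ? '' : attr.slice(i + 1).trim();
      if (k === 'max-age' && /^-?\d+$/.test(v)) maxAge = Number(v);
      else if (k === 'expires' && !Number.isNaN(Date.parse(v))) c.expires = Date.parse(v);
      else if (k === 'path' && v.startsWith('/')) c.path = v;
      else if (k === 'domain' && v) c.domain = v.replace(/^\./, '').toLowerCase();
    }
    // Max-Age wins over Expires; a value <= 0 means "already expired".
    if (maxAge !== null) c.expires = maxAge <= 0 ? 0 : now + maxAge * 1000;
    const key = `${c.domain}|${c.path}|${c.name}`;
    this.store.delete(key); // same domain/path/name: the old cookie is evicted
    if (c.expires > now) this.store.set(key, c); // expired cookies are never stored
  }

  // Build the Cookie request header for `host`, dropping expired entries.
  cookieHeader(host, now = Date.now()) {
    const out = [];
    for (const [key, c] of this.store) {
      if (c.expires <= now) this.store.delete(key);
      else if (c.domain === host.toLowerCase()) out.push(`${c.name}=${c.value}`);
    }
    return out.join('; ');
  }
}

// Server-side check for "problem 2": names sent more than once in one header.
function duplicateCookieNames(cookieHeader) {
  const seen = new Set();
  const dup = new Set();
  for (const part of cookieHeader.split(';')) {
    const name = part.split('=')[0].trim();
    if (name) (seen.has(name) ? dup : seen).add(name);
  }
  return [...dup];
}
```

A client can legitimately send the same cookie name twice when the cookies differ in path or domain, so `duplicateCookieNames` is a signal to investigate rather than proof of a broken cookie store.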