Alexander Huang Alexander Huang - 1 year ago 109
iOS Question

iOS 10 beta NSURLSession request's cookie is gone

I have an APP which use NSURLSession to connect the server to retrieve data. In iOS 9, it works well. Just recently iOS is about to be released and I upgrade Xcode and use iOS 10 Beta SDK... it turns out the HTTP GET request didn't contain the Cookie session information. That makes the request fail. I have searched here for iOS 10 beta's problems about cookie but not much luck. Would like to ask anyone had experienced this and any advice??? Thank you in advance.

Here is my code to create NSURLSession

NSURLSessionConfiguration *urlSessionConfig = [NSURLSessionConfiguration backgroundSessionConfigurationWithIdentifier:EP_FETCH];

_fetchSession = [NSURLSession sessionWithConfiguration:urlSessionConfig
delegate:self // we MUST have a delegate for background configurations
delegateQueue:nil]; // nil means "a random, non-main-queue queue"


Already file a bug to Apple. Meanwhile, also found if i change

NSURLSessionConfiguration *urlSessionConfig = [NSURLSessionConfiguration backgroundSessionConfigurationWithIdentifier:EP_FETCH];


NSURLSessionConfiguration *urlSessionConfig = [NSURLSessionConfiguration defaultSessionConfiguration];

Then cookie is back in HTTP request. So i wonder it is 'NSURLSessionConfiguration backgroundSessionConfigurationWithIdentifier' this api has some problems.

Answer Source

If there's even a chance that this is not a bug in your code, file a bug. Any regression should be reported to Apple today, because iSO 10 is only a few days from the final release. Please provide:

  • A minimal example tool that reproduces the problem.
  • A description of the behavior.
  • A description of the behavior on previous OSes.

Consider marking it as "Security", because this impacts the device's ability to authenticate to web services.

As for diagnosing the issue:

  • Try explicitly setting the HTTPCookieStorage property on your session configuration to [NSHTTPCookieStorage sharedHTTPCookieStorage].
  • Put in breakpoints and ensure that the cookie is getting stored by some other part of your app before you initiate the request.
  • Try compiling against the iOS 9 SDK and running it on iOS 10. This will distinguish unexpected SDK-tied (linked-on-or-after) behavior differences from ordinary bugs.
  • Add code to try to extract the cookie manually and verify that it is really there.
  • Verify that there are no subtle mistakes like marking a cookie secure and then sending it over HTTP, cookie domain matching issues, unexpected redirects, etc.