Cookie Auth Using Build?

  • 2
  • Question
  • Updated 9 years ago
So we're going to need to do cookie auth in our PG app, and it seems this requires special settings to accomplish, according to http://stackoverflow.com/questions/37...

If this is the case, can we get a checkbox or something in Build to enable optional functionality like this?
Photo of Nick Carter

Nick Carter

  • 21 Posts
  • 0 Reply Likes
  • wondering

Posted 9 years ago

  • 2
Photo of Fil Maj

Fil Maj

  • 139 Posts
  • 15 Reply Likes
I think, rather than this being a feature of build.phonegap.com, it should be a bug filed with the PhoneGap-iPhone project.

I'll submit this as an issue to the phonegap-iphone issue tracker (phonegap.lighthouseapp.com) and see if we can get it in for the next 0.9.5 release.
Photo of Fil Maj

Fil Maj

  • 139 Posts
  • 15 Reply Likes
I've posted the issue here, so you can keep tabs on that:

http://phonegap.lighthouseapp.com/pro...
Photo of Jennie Faber

Jennie Faber

  • 2 Posts
  • 0 Reply Likes
Is there a correlating ticket on Github Issues? I searched for permutations of "cookie" and didn't spot it. I know you guys aren't using Lighthouse anymore and I would like to see the status of this issue. Thanks!
Photo of Andrew Lunny

Andrew Lunny

  • 1911 Posts
  • 199 Reply Likes
This has been resolved as of this commit:
https://github.com/purplecabbage/phon...

It will make it in to the 0.9.5 release (the next few days, most likely)
Photo of Jennie Faber

Jennie Faber

  • 2 Posts
  • 0 Reply Likes
Great news, thanks, Andrew! Crossing my fingers it fixes my intermittent cookie issues.
Photo of Nick Carter

Nick Carter

  • 21 Posts
  • 0 Reply Likes
I've also come across information that makes it seem as if server can access/set cookies just fine, but that they're inaccessible to JS. If that's true, I may be able to live with it, because all I really need it for is authentication.

If this is indeed the nature of the issue, it sounds pretty hard for me to be able to test other than looking at server logs/debugging on that side, right?
Photo of Fil Maj

Fil Maj

  • 139 Posts
  • 15 Reply Likes
Pretty much, not exactly 100% sure on that as PhoneGap applications aren't based on classic client/server architecture as you would expect with a true web application.

If you can avoid using cookies as a means of communicating authentication information between your clients and your server then you can get around this. In the end it doesn't really matter whether you send your username/password info via HTTP headers or HTTP message body, and whether success/fail responses from the server go back, again, in headers or in the body.
Photo of Nick Carter

Nick Carter

  • 21 Posts
  • 0 Reply Likes
Can certainly see about adding support for another means of handling auth than maintaining cookie. Sucks to be sending information with every request though, we'll probably end up placing some sort of session data in localStorage or whatever if the cookie thing doesn't work out.

Thanks for all the continuing help, Fil, it's much appreciated.
Photo of Andrew Lunny

Andrew Lunny

  • 1911 Posts
  • 199 Reply Likes
Another option is to manually use the cookies - if you have a login/authenticate post initially, read the Set-Cookie header from the response, store the contents of that header, and set it manually as a Cookie header on subsequent requests.

This is imperfect, and needs a bit of massaging if the cookie sent by the server isn't perfect (for example, if multiple set-cookie headers are present), but it usually can get the job done.
Photo of Nick Carter

Nick Carter

  • 21 Posts
  • 0 Reply Likes
that's a cool workaround definitely
Photo of Nick Carter

Nick Carter

  • 21 Posts
  • 0 Reply Likes
I see cookie support was added to a fork, guess this hasn't made it into master/Build yet, right?
Photo of Andrew Lunny

Andrew Lunny

  • 1911 Posts
  • 199 Reply Likes
I don't think so - you mean on iPhone, right? You can see the commit history at http://github.com/phonegap/phonegap-i...