I am developing an application that is part of the HTTPS website . After authentication, the website sends the final cookie, which is marked as "Safe."
The app works when I use defaultSessionConfiguration()to NSURLSession().
When I change one line in the application to use backgroundSessionConfigurationWithIdentifier(), I can not go through the authentication stage. I get a webpage showing that I am authenticated, but subsequent requests return the login page.
It appears that the “authenticated cookie” is not in the shared cookie store.
This cookie is the only cookie that the website designates as "safe." Please note that this HTTPS site performs all transactions through HTTPS.
TL DR
What does a background NSURLSession do other than the default session to lose a secure cookie?
EDIT: I did some more work.
When NSURLSession redirects using backgroundSessionConfiguration, does it ignore cookies sent in the redirect header? (I think a cookie that is “safe” may not be critical.)
The redirect works correctly when specified defaultSessionConfiguration.
source
share