Set-Cookie response header is not working on react-native 0.44.0

[nsisodiya]

I have created a Github repo for showcasing the bug.

Problem

When App make a XHR request for login. Login server sends cookie. App send XHR to get data and server read auth cookie on XHR. This is working fine with Android. However same code is not working with iPhone. At server side I am getting following logs. JWT token is undefined

How to reproduce this bug

cd react-native-cookie-bug
yarn install
react-native run-ios

On iPhone Simulator, this will print like this

On Android , this print like this

Online Demo

Created https://snack.expo.io/BJAHjhMb- online demo, but here things are working fine because they are using Expo 16 which use react 0.43.4 where this bug do not present.

[hramos]

Isn't this a duplicate of #14063?

[nsisodiya]

Yes I think so.

[DanielZlotin]

Yes same issue, see #14064 for the fix

[deepaksisodiya]

@nsisodiya You should try this
fetch(url, {
credentials: 'include',
...otherOptions,
});

[nsisodiya]

For me `include` is working on both. On ios, if you close the app, cookie will be deleted. So you need to save Cookie on AsyncStorage.

[Piyush905]

@nsisodiya I am facing the same problem which you mentioned "On ios, if you close the app, cookie will be deleted". I stored the Cookie in AsyncStorage but I am not able to figure it out -"how to load back the cookie into our app". I want to use the stored cookies for Fetch request. Any idea?

[Palisand]

@Piyush905 You can store the cookie in AsyncStorage, although you should not do so if the cookie holds sensitive information (use this instead and consider the keystore branch if you're targeting android 18+), and use react-native-cookie to set it again.

Note, I am experiencing cookie deletion on Android as well.

[Piyush905]

@Palisand Thanks. Yes, I am doing the same way. But, is there any other way where we can directly push cookie into the Fetch without using react-native-cookie. Also, I am facing challenge to get cookie from Webview (without react-native-cookie) once authentication is successful.

[Palisand]

The only other way, as far as I know, is to make the API call that sets the cookie header every time you start the app. If you're dealing with a user session, you would securely store credentials on the device and re-authenticate on app startup. However, this can render cookie expiration moot.

[almirfilho]

Using RN 0.49 and neither credentials: 'include' nor withCredentials: true are working.

[aqnaruto]

@Palisand how to store cookies in asyncstorage or delete cookie?
when i using cookie, credentials: 'include' ,session expiration time is out,so,i relogin, the server is updating session, but, my cookie is still not updated in some device such as android 5.5 ,ios 10.1

[Palisand]

@aqnaruto Can't you just use react-native-cookie or react-native-cookies to access the cookie you want to store in device storage?

import {AsyncStorage} from "react-native";

const cookie = getCookieWithOneOfTheLibrariesStatedAbove();
AsyncStorage.setItem(cookie.name, cookie.value);

For deleting specific cookies, you'd want to use react-native-cookies's (that's with an "s"!) clearByName, and for removing them from storage, just call AsyncStorage.removeItem.

As I mentioned in a previous comment, do not use AsyncStorage if your cookie is holding sensitive data, like an authentication token! It is an unencrypted store, so if a user's device is rooted or jailbroken, their information is at risk of exposure.

If you are storing sensitive data, please consider using iOS's keychain and/or Android's keystore. Please read this short blog post before choosing a secure storage library.

[aqnaruto]

@Palisand thankyou ,but, i have tried react-native-cookies before,but it not works well on reactnative0.44&0.46 ,
okay,mabe i should try it more

[Palisand]

@aqnaruto Please let me know if it does work out. Just out of curiosity, are you using cookies for session authentication? If that's the only reason you're using them, then you should consider switching to token-based auth. Sorry I could not be of more help.

[aqnaruto]

@Palisand thankyou , yeah i am using cookies for session authentication,i using session to storage user's base info in various page, i don't want to change backend code to switch token-based now.
when i using react-native-cookies ,it's caused my app a lot error occured , such as react-navigation's view can't find、android compile error....

maybe i should try it more...