How to manage sessions with AFNetworking?

Asked 11/6, 2012 at 16:54 Answered 14/6, 2012 at 19:10

As the title implies, I am using AFNetworking in an iOS project in which the application talks to a server. When the user signs in, the server responds by sending back a success flag and the response headers contain the session ID.

I am wondering if AFNetworking automatically sends the session ID with every subsequent request or should I take care of this myself in some way?

For your information, I have no control over the back-end in terms of how requests are authenticated. I am only building a client that talks to the server.

Galligaskins answered 11/6, 2012 at 16:54 Comment(0)

116

Yes, your session ID should be sent automatically once you are logged in, as long as the cookie does not expire before the next request is sent (important detail to be sure of). NSURLConnection, which AFNetworking uses, takes care of the details for this for you.

On the backend AFNetworking is using NSURLConnection which in turn automatically updates NSHTTPCookieStorage to store the session. You can manipulate or delete the cookies as you see fit by messing with the cookie storage.

Like if you wanted to appear to the service as not logged in, you could just delete the session cookie associated to that domain. Some services I have worked with will error if you are already logged in and attempt to login again. Additionally there was no way to check login status. Quick fix, get the cookies from URL and delete them :

NSArray *cookies = [[NSHTTPCookieStorage sharedHTTPCookieStorage] cookiesForURL: networkServerAddress];
for (NSHTTPCookie *cookie in cookies) 
{
    [[NSHTTPCookieStorage sharedHTTPCookieStorage] deleteCookie:cookie];
}

From the developer himself

Bolinger answered 14/6, 2012 at 19:10 Comment(3)

If you down vote please leave a response as to why my answer is incorrect. – Bolinger 14/6, 2012 at 22:57

This was my impression as well and this clarifies some aspects of how AFNetworking and NSURLConnection work. Thanks for your answer. – Galligaskins 15/6, 2012 at 3:54

@MichaelBoselowitz I was facing issue by setting explicitly setting cookies. But, after I read your answer I removed cookies that I sat explicitly. Now its work like a charm :D Thanks. – Narcho 13/8, 2014 at 11:23

This depends on the specification given by the service you are interacting with. I have worked with similar services and they have explicitly stated in their documentation that, In order to maintain the session valid I must poll the service at every few seconds by sending int "1".

However, If possible could please post the service name or any reference which we can read. If it is any company's private API then they must have described the use of the session id which they are returning.

Underlying technologies will take care of it, However if you want to persist those cookies then this answer for other question.

Persisting Cookies In An iOS Application?

Paloma answered 14/6, 2012 at 14:27 Comment(10)

Thank you for your answer. It is indeed a private API and it is session based. My question really is how sessions are managed by AFNetworking or by iOS itself. If I receive a cookie with a session id, is it automatically sent with every subsequent request until the session expires? It is questions like this that I would like to know the answer of. – Galligaskins 14/6, 2012 at 18:28

Hey Bart, I just updated my answer. It turns out yes the cookie handling is done by underlying technologies and we don't have to worry about it. – Paloma 14/6, 2012 at 23:0

What the hell? Downvoters write down why you think this is a wrong answer? – Paloma 14/6, 2012 at 23:2

@Owl yeah, I would like to know why I got downvoted as well right now. I do not see anything wrong with my answer. – Bolinger 14/6, 2012 at 23:6

@Owl, I appreciate your answer and did not down vote your answer. – Galligaskins 15/6, 2012 at 3:52

@Owl, I came across that post as well a few days ago. Unfortunately, I can only award the bounty to one answer. Thanks very much for your answer. Much appreciated. – Galligaskins 15/6, 2012 at 3:55

mjb162's answer is more in-depth it deserves a bounty :) – Paloma 15/6, 2012 at 3:56

How would one detect that a Session has expired client-side? What callback should we expect? Or is it just a matter of checking to see if the request (with that session id) succeeded or not? – Chiropody 20/12, 2012 at 16:11

+1 for the link... thanks for the explanation.. Can someone answer Cole's question. I am looking for the same. – Schoenfelder 9/8, 2013 at 7:20

I'm not sure, but whenever you look at a cookie, there's usually an "expires= some date" as part of that, for instance: "Set-Cookie: ci_session=a%3A5%3A%7Bs%3A10%3A%22session_id%22%3Bs%3A32%3A%22d87d6553bc7356d8977a082713f25bc5%22%3Bs%3A10%3A%22ip_add....; expires=Fri, 25-Apr-2014 18:53:53 GMT; path=/". If you want to see if you are logged out of the server, you can ping a protected resource and look at the response code. – Thicken 25/4, 2014 at 17:4

Recommended topics

Hot tags