4

I have a webapp that authenticate via a REST APi witch respond with a userid and a session token, that will be sent with future ajax requests as Authorization Basic Header for secured end points of the api. That works fine on every browser, including iOS Safari. On iOS (iPad) The problem comes when i use the apple-mobile-web-app-capable Meta tag and add that application to the Home Screen: After the login, even if my Authorization Header is there (see it in the web inspector network request tab on my mac) when the first secured call is sent i get the safari Authenticaion Required popup asking me to enter my password.

The header is set via the ajaxSetup beforeSend propertie:

xhr.setRequestHeader("Authorization", "Basic " + base64Value)

Again, everything is fine on all browser, IOS Safari App and Home Button mode are ok, but when using the meta: apple-mobile-web-app-capable, the authenticaion mecanism is broken.

I did search a lot and found no solution yet.

Yannick G
  • 96
  • 5

2 Answers2

0

My problem is now solved. Ajax POST requests get cached on Safari IOS 6, and even if i clean the cache and cookies, the previously cached request will get stuck somewhere. I had a related problem on another ajax call but we got around it by adding the no cache header in our REST interceptor, but for some reason the login call to our API was still using the cached response (old session token) but only in WEB CAPABLE mode. Adding a time stamp to the end of the LOGIN url fixed that problem.

I still don't understand why a specific request would never get cleaned from the history/cookies in WEB CAPABLE MODE only.....

Yannick G
  • 96
  • 5
0

I encountered this problem with GET requests. My solution was to add the cache: false flag to jQuery.ajax(), which adds an extra GET parameter with a timestamp to prevent caching. A similar trick can be used in your own code, if you do not use jQuery.

POST requests should never be cached. That would really be a bug in iOS.

jQuery.ajax docs: http://api.jquery.com/jquery.ajax/

konrad
  • 3,340
  • 1
  • 27
  • 26