My iOS app authenticates a user with a login screen upon initial entry into the app, and after login success the credentials are stored in the keychain. Unless the user logs out of the app, every subsequent time the user opens the app they are authenticated against the stored credentials.

When the user logs out, the app is reset to its initial ViewController and the keychain and any stored data are wiped out. There is a sequence that will make NSURLConnection use the TLS session cache and not call canAuthenticateAgainstProtectionSpace: a user logs in from the main login screen (not from stored creds), then, without closing the app, logs out and tries to log in again.

What I have tried/done so far:

  1. I have used this: https://developer.apple.com/library/ios/qa/qa1727/_index.html to solve part of the problem. I should note that I do not have control over the server, so I cannot adjust ports or set up the server to route wildcard domain names.
  2. I have implemented the "." at the end of the host name for the login screen authentication call and no "." on the host name for the stored credentials authentication call.
  3. I also tested to see if the server was set up to route wildcard domain names by appending a random number to the beginning of the host name, and that did not work.

I am looking for a solution other than the "." at the end of the host name to trigger the canAuthenticateAgainstProtectionSpace delegate method every time that API call is made.

Luís Cruz
user3768760
  • The sad truth about this one is that Apple have chosen not to do anything about this since the cache handling conforms to an RFC 2246 protocol. I have the exact same problem and I ended up adding a delay of 1 minute before the user can log in again. This is due to the fact that the credentials are stored in, as you say, the TLS cache. Clearing the cache while on the same session will only clear the cache after about 30-50 seconds. This has to do with the fact that CFSocketStream will automagically clear the cache after NSURLConnection clears its cache. Sorry if this brings you any inconvenience. – Widerberg Sep 09 '14 at 14:45
  • @AlexanderW thanks for the response. I have been playing with a workaround for this for a while and decided to post to see if anyone smarter than me had a solution, but it's looking like that's not the case at the moment. Cheers – user3768760 Sep 09 '14 at 15:20
  • @AlexanderW are you sure that even using NSURLSession, there will be about a 1 minute delay before the TLS cache is actually deleted? Thanks! – sunus Mar 28 '16 at 08:44

0 Answers