5

How do I make WKWebView not share cookies with Safari in OSX?

I have a very simple app that I made as an experiment that displays a WKWebView and as far as I can see, it's picking up cookies from Safari, because in my custom app, I'm logged in in the same websites as Safari.

I am currently creating the WKWebView instance like this:

override func loadView() {
    self.webView = WKWebView()
    self.view = self.webView!
}

in an NSViewController I created. I also tried this:

override func loadView() {
    var processPool = WKProcessPool()
    var config = WKWebViewConfiguration()
    config.processPool = processPool
    self.webView = WKWebView(frame: CGRect(x: 0, y: 0, width: 100, height: 100), configuration: config)
    self.view = self.webView!
}

but it made no difference to cookie storage. I don't have an issue creating my own cookie storage as long as it's not using hacks, as previous hacks for WebView did not work. I just need cookies to not be shared between my app and Safari.

Pablo Fernandez
  • 279,434
  • 135
  • 377
  • 622
  • This is an interesting issue... I thought i've been seeing something with cookie sharing between Safari and Firefox last few weeks that is bugging me. Found this... https://developer.apple.com/library/mac/documentation/Cocoa/Reference/Foundation/Classes/NSHTTPCookieStorage_Class/index.html – Cliff Ribaudo Feb 26 '15 at 11:41
  • "As a rule, cookies are shared among all applications and are kept in sync across process boundaries." does it mean there's no way around it? – Pablo Fernandez Feb 26 '15 at 11:45
  • Didn't know that... seems like a bad idea from a security standpoint. I saw some references to being able to get a private cookie jar in one of the stack answers. I'd look into that. – Cliff Ribaudo Feb 26 '15 at 11:49
  • 1
    Seems like it ain't possible anymore, and if you want private storage you have to do it yourself!! See this: http://stackoverflow.com/questions/7922460/private-cookie-for-only-my-app-why-is-it-influencing-the-browsers-cookie – Cliff Ribaudo Feb 26 '15 at 11:54
  • @CliffRibaudo What do you mean by do it yourself? – Pablo Fernandez Feb 26 '15 at 12:01
  • Implement your own cookie storage using coreData or some such. – Cliff Ribaudo Feb 26 '15 at 14:01
  • @CliffRibaudo I'll be happy to implement my own cookie storage using whatever... this is actually part of what we want to do, but WKWebView, as far as I can see, doesn't let you do that. Am I wrong? – Pablo Fernandez Feb 27 '15 at 17:12
  • @Pablo It seems that you'd have to switch to UIWebView to have proper cookie behavior. Did you try that? – gijswijs Mar 05 '15 at 13:21
  • @gijswijs isn't UIWebView iOS only? – Pablo Fernandez Mar 05 '15 at 19:50
  • I found a open source project which addresses this problem. Author claims that it's not perfect but it can be a start point. https://github.com/cyyuen/ADCookieIsolatedWebView – Seunghoon Jul 20 '15 at 07:36
  • The Captive Network Assistant which pops open when you have to sign in to use wifi seems to have its own cookie storage. (It would be security risk if it didn't since it opens automatically and an attacker could impersonate sites to see what cookies you have). It would be interesting to find out how it does it. – Alexander Ljungberg Dec 09 '16 at 10:49

0 Answers0