Dammit iOS #232

Open
lloydroc opened this issue Apr 14, 2018 · 7 comments

@lloydroc

lloydroc commented Apr 14, 2018

Hi All,

We have the latest version 1.1.2 and we've been happy with it. We can successfully log onto all major browsers on OSX as well as Chrome on Android. When logging into iOS the session is created successfully and I see the HTTP-only Auth Cookie come back in the login response, but later requests don't contain the Auth token cookie and we get authentication issues when we request again after the successful login. I've compared both the OSX auth flow and the iOS auth flow and am flummoxed as to why iOS won't contain the auth cookie in the next requests after the cookie is created. Any ideas?

Thanks!
Lloyd

@lloydroc
Author

lloydroc commented Apr 14, 2018

Hello All,

Thought you would want to see the output of db.getSession().

db.getSession() on Firefox on OSX

{"ok":true,"userCtx":{"name":"abc","roles":["def"]},"info":{"authentication_db":"_users","authentication_handlers":["cookie","default"],"authenticated":"cookie"}}

In the response in Firefox I see - Note I get a 200 OK response:
set-cookie: AuthSession=bnR0OjVBRDE3NDc4Ov…ax-Age=6000; Path=/; HttpOnly

db.getSession() on Safari on iOS

{ok: true, userCtx: {name: null, roles: []}, info: {authentication_db: "_users", authentication_handlers: ["cookie", "default"]}}

Not sure how I got name: null and roles: []?!?

In the response in Safari I see:
Set-Cookie: AuthSession=bnR0OjVBRDE3NEREOmL_YfpkLWUsg5k6gIjqUNc4m8ho; Version=1; Expires=Sat, 14-Apr-2018 05:06:21 GMT; Max-Age=6000; Path=/; HttpOnly

Also important to note that on Firefox the request is to the /_session path, whereas iOS changes the request to have a nonce: /_session?_nonce=1523676381407.

As far as the logging goes on CouchDB on the server, I get this:

Firefox on OSX:

someurl.com 172.18.0.1 undefined POST /_session 200 ok 6
someurl.com 172.18.0.1 abc GET /_session 200 ok 1

Safari on iOS

someurl.com 172.18.0.1 undefined POST /_session?_nonce=1523677335450 200 ok 9
someurl.com  172.18.0.1 undefined GET /_session?_nonce=1523677335574 200 ok 1

Notice there is a POST to log in and a GET from the db.getSession() as seen on the logs. On the iOS request it seems the user is missing and is set to undefined.

Example Request from Safari. iOS and Firefox have size 40 bytes and I have confirmed correct username/password are being sent in the request:

Request
:method: POST
:scheme: https
:authority: someurl.com
:path: /_session?_nonce=1523678001831
Content-Type: application/json
Origin: https://someurl.com
Host: someurl.com
Accept: application/json
Connection: keep-alive
Content-Length: 40
Accept-Encoding: br, gzip, deflate
User-Agent: Mozilla/5.0 (iPad; CPU OS 11_3 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/11.0 Mobile/15E148 Safari/604.1
Referer: https://someurl.com/login
Accept-Language: en-us
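
Added example, not part of the original comment or the plugin's code: a small JavaScript check that scans CouchDB access-log lines in the format quoted above and flags a successful `POST /_session` whose next `GET /_session` is still anonymous, the pattern in the Safari on iOS lines. The field order and the function names are assumptions; the sample lines are copied from the comment.

```javascript
// Constructed sample: the four access-log lines quoted in the comment above.
const sampleLog = [
  'someurl.com 172.18.0.1 undefined POST /_session 200 ok 6',
  'someurl.com 172.18.0.1 abc GET /_session 200 ok 1',
  'someurl.com 172.18.0.1 undefined POST /_session?_nonce=1523677335450 200 ok 9',
  'someurl.com  172.18.0.1 undefined GET /_session?_nonce=1523677335574 200 ok 1',
];

// Assumed field order, inferred from the quoted lines:
// host, client IP, user, method, path, status, result, duration.
function parseLine(line) {
  const f = line.trim().split(/\s+/);
  if (f.length < 6) return null; // not an access-log line
  const [host, ip, user, method, rawPath] = f;
  return {
    host, ip, method,
    user: user === 'undefined' ? null : user, // "undefined" = no authenticated user
    path: rawPath.split('?')[0],              // drop the ?_nonce=... cache buster
    status: Number(f[5]),
  };
}

// Flag every successful login whose next session check from the same
// host/IP is still anonymous. Assumes requests from clients sharing an
// IP (e.g. behind one proxy) are not interleaved.
function findDroppedSessions(lines) {
  const pending = new Map(); // client key -> login line awaiting a session check
  const dropped = [];
  for (const line of lines) {
    const e = parseLine(line);
    if (!e || e.path !== '/_session' || e.status !== 200) continue;
    const key = `${e.host} ${e.ip}`;
    if (e.method === 'POST') {
      pending.set(key, line);
    } else if (e.method === 'GET' && pending.has(key)) {
      if (e.user === null) dropped.push({ login: pending.get(key), check: line });
      pending.delete(key);
    }
  }
  return dropped;
}

console.log(findDroppedSessions(sampleLog));
```
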

@chisNaN

chisNaN commented Apr 10, 2019

Hello
I have noticed the same "phenomenon" on Safari iOS AND macOS
session does not seem to hold....

@lloydroc
Author

I ended up jumping ship on it. After going through the code base it seems a bit stale and I ended up using alternatives. Still think PouchDB is awesome!! Plugins have a life cycle of their own.

@chisNaN

chisNaN commented Apr 11, 2019

Yes and also with PWA integration there is no problem)))

@s-oram

s-oram commented Jun 29, 2019

@lloydroc What was the alternative auth plugin you used? I'm looking to build an app with PouchDB now and am in need of an auth solution myself.

@lloydroc
Author

lloydroc commented Jul 2, 2019

Hi @s-oram, sorry for taking so long to respond. I used plain old JavaScript to log in (axios) in my case. If that is successful I save the credentials in a safe place and have to pass them to PouchDB each time as auth. It's not optimal.

@s-oram

s-oram commented Jul 2, 2019

Thanks @lloydroc, I'll add axios to the consideration list. :)
