Loss of session during switch between iOS home app

Hi, I have a standard vaadin application with login page, the base is dashboard demo, when I save the app as home app in any iOS system, If I switch between applications after login, when I return to vaadin App the session is lost and the login page is displayed again. I suppose that the JSESSIONID’s cookie is lost, there’s any solution to this problem?
The same problem is when a link in application going to new target window, open safari browser, when the user return by clicking link in top-left corner the session is lost again.
I didn’t find nothing in previous topics.

TIA
Cristian

Hi Cristian,

this sounds like a limitation in iOS to me - apologies for not trying this out at a late hour like this.
But - I am writing this because I wonder if I have an idea that could lead to / be a solution.
Did you try to embed your application in a Cordova / PhoneGap environment?
Often times, it is enough to just include a redirect page with Cordova pointing to the Vaadin application.

Best,
Enver

Enver thanks for the answer, it is not necessary try with my application, the online dashboard demo of vaadin Ltd already suffers of this problem: https://demo.vaadin.com/dashboard/
If you try with safari browser the problem doesn’t exist, but if you save the app in the home desktop instead and execute them from it, you do the logon, you switch in other application and re-switch to dashboard demo, et voilà, the application shows the login page again.
Most probably is a limitation of iOS, I wondered if there was a workaround.

Cristian

In general there is no problem wir cookies and the ios safari. Vaadin does nothing special at this topic.

Maybe you should check if you are using the private browsing mode (the safari top line goes dark grey, if turned of it is light grey) or the safari does not allow cookies insome case/sends the do not track header.

I researched a bit about your problem. Seems like the “home app” functionality does some special things with cookies.

As stated here https://stackoverflow.com/questions/3813599/iphone-bookmark-to-homescreen-removes-cookies-and-session
"When I ran into this, I discovered the reason this was happening is that session cookies set on the server usually do not have an expiration value set. The default behavior in this case is for the browser to discard the cookie when the browser is closed / re-opened. Since the browser does not resend the cookie on re-opening, the server has no way of identifying the session, even if it hasn’t expired on the server yet, and thus, your user is redirected back to the login page.

When the user is using your site in web app mode (icon added to home screen), iOS treats navigating to / from the app the same way a desktop computer would treat closing and reopening the browser, and loses the session when reopened."

So i tested it in my case with spring boot. If i set no special cookie setting i get this

If i use

server.session.cookie.max-age=4800

Now the cookie has an expire date set and in my case it now works… maybe you can test it

Thanks Patrik, with max-age setted it works, in my opinion it’s correct that cookie expires when the user closes the browser, for more reason, as Enver said, this is a bug of iOS system.

Thanks for all
Cristian

I solved with intercepting the situation of iOS system and Home App browsing in login view, then forcing the max-age of cookie session (JSESSIONID), in my case 1 day. I have in my application an time out of 30 min that expire session in any case if user doesn’t click anything:

if (Page.getCurrent().getWebBrowser().isIOS() && !Page.getCurrent().getWebBrowser().isSafari() && !Page.getCurrent().getWebBrowser().isChrome() && !Page.getCurrent().getWebBrowser().isFirefox()) { Cookie sessionCookie = getCookieByName(SESSION_COOKIE_NAME); if (sessionCookie != null) { sessionCookie.setMaxAge(SESSION_COOKIE_IOS_TIMEOUT); VaadinService.getCurrentResponse().addCookie(sessionCookie); } } Thanks at all
Cristian

Interesting, nice solution. I wonder what the browser actually identifies itself as at that point…

An easy solution is to extend the lifetime of your session cookie. This works across web apps (as long as they point to the same page, of course), and even between the web app and the regular web version of your
IOS
application.

No local storage solution is required because all logic remains server side, and this even works between device reboots. An HTML request is still done every time the web app is opened, but without breaking app flow because the server simply serves the same content as where the user was before he left the web app.

The trick is to do this:
session_start();
$cookieLifetime = 365 * 24 * 60 * 60;
etcookie(session_name(),session_id(),time()+$cookieLifetime);