WKWebsiteDataStore.nonPersistent() shares cookies with NSURLSession/HTTPCookieStorage.shared

Originator:hartwellalex
Number:rdar://7369039 Date Originated:Oct 11, 2019 at 11:29 AM
Status:Open Resolved:
Product:WebKit Product Version:iOS 13
Classification: Reproducible:Always
 
Here is an example project that creates the issue. I am serving the two php files via camp.

The URLSession request to /test.php has the cookies set inside of the nonPersistent WKWebview instance from /index.php

Index.php:
```
<?php
ob_start();
if (isset($_COOKIE['test'])) {
    echo 'cookie is already set<br>';
    print_r($_COOKIE);
} else {
    setcookie('test', 'cookie test content', time()+3600);  /* expire in 1 hour */
    echo 'Set the cookie';
}
?>
```

test.php:
```
<?php
ob_start();
if (isset($_COOKIE['test'])) {
    echo 'cookie is set :scream:<br>';
    print_r($_COOKIE);
} else {
   print_r("No cookies in request");
   echo 'No cookies in request';
}
?>
```

ios app:
```
import UIKit
import WebKit

class ViewController: UIViewController {
    private let kSessionConfiguration: URLSessionConfiguration = {
        let configuration = URLSessionConfiguration.default
        configuration.urlCache = URLCache(memoryCapacity: 100 * 1024 * 1024, diskCapacity: 500 * 1024 * 1024,
                                          diskPath: nil)
        configuration.timeoutIntervalForRequest = 15
        return configuration
    }()
    lazy var session = URLSession(configuration: self.kSessionConfiguration)
    lazy var webViewConfiguration: WKWebViewConfiguration = {
        let config = WKWebViewConfiguration()
        config.websiteDataStore = .nonPersistent()
        config.processPool = WKProcessPool()
        return config
    }()
    lazy var webView = WKWebView(frame: .zero, configuration: self.webViewConfiguration)

    override func viewDidLoad() {
        super.viewDidLoad()

        self.view.addSubview(self.webView)
        self.webView.frame = UIScreen.main.bounds
        self.webView.navigationDelegate = self
        let url = URLRequest(url: URL(string: "http://192.168.0.108:8081/index.php")!)
        self.webView.load(url)
    }


}

extension ViewController: WKNavigationDelegate {

    func webView(_ webView: WKWebView, didFinish navigation: WKNavigation!) {
        DispatchQueue.main.asyncAfter(deadline: .now() + 2) {
            let urlRequest = URLRequest(url: URL(string: "http://192.168.0.108:8081/test.php")!)
            let task = self.session.dataTask(with: urlRequest) { data, response, error in
                DispatchQueue.main.async {
                    let alert = UIAlertController(title: String.init(data: data!, encoding: .utf8), message: nil, preferredStyle: .alert)
                    alert.addAction(UIAlertAction.init(title: "Cool", style: .cancel, handler: nil))
                    self.present(alert, animated: true, completion: nil)
                }
            }
            task.resume()
        }
    }
}


On a simulator the cookies are never shared between the webview and URLSessionRequests but on a device they are shared.

Comments

I can't reproduce this using the code submitted. However I do see the problem behavior if I delete this line of code:

config.websiteDataStore = .nonPersistent()

I.e., I'm seeing the bug in iOS 13 when the websiteDataStore == .default()

By mikado2005 at April 15, 2020, 4:03 p.m. (reply...)

Please note: Reports posted here will not necessarily be seen by Apple. All problems should be submitted at bugreport.apple.com before they are posted here. Please only post information for Radars that you have filed yourself, and please do not include Apple confidential information in your posts. Thank you!