Mobile Apps: Identity Session/Cookie Not Maintained

brad · March 5, 2021, 10:25pm

That seems to have fixed it! Again, I thank you so much!

You guys never sleep … amazing.

daves88 · August 12, 2025, 9:03pm

If I implement this now on the newest Wappler version will it work? Also will the next Wappler update I do just override this?

franse · August 12, 2025, 9:22pm

@daves88
If you are having issues, check:

daves88 · August 12, 2025, 9:50pm

Yes I have.. I have gone through every forum topic trying every suggested solution but still nothing. Everytime I login the cookies are not stored. The only thing I haven’t tried is replacing the dmxappconmect file as per above.

franse · August 12, 2025, 10:01pm

Are those http-only?
On your login request do you have something else?:

image1077×295 22.6 KB
Have you tried calling a restricted API? (Don't forget credentials=true)

daves88 · August 12, 2025, 10:12pm

daves88 · August 12, 2025, 10:13pm

Yes I’m trying to hit an api action with security restrict and security identify at the start of the action. I have credentials ticked in server action . So when logging in I check safari dev logs while mobile connected to laptop and the cookies are empty. On web it’s working perfectly . So clearly authentication cookie not being stored on iOS

franse · August 12, 2025, 10:22pm

I can see origin is: capacitor://localhost
Is that on your cors settings?
Have you tried this on capacitor.config.json?

  "server": {
    "androidScheme": "https",
    "hostname": "domain.com"
  }
}

Where domain.com is your backend

daves88 · August 12, 2025, 10:40pm

Yes that’s in my cors, and yes changed the config file

daves88 · August 12, 2025, 10:40pm

Have you tested a new mobile project on capacitor to see if the login credentials work and if cookies are stored? On latest Wappler version ? I’m running nodejs as well

franse · August 12, 2025, 11:02pm

Will try a new one but without a Mac, so it has to be Android

daves88 · August 12, 2025, 11:10pm

Ok.. btw here is my capacitor.config.json (i have my actual name and domain but below I have just put xx instead.

{
"appId": "com.xxxxx.xxx",
"appName": "xxx",
"webDir": "www",
"bundledWebRuntime": true
"plugins": {
"CapacitorCookies": {
"enabled": true
},
"CapacitorHttp": {
"enabled": true
}
},
"server": {
"androidScheme": "https",
"iosScheme": "https",
"hostname": "app.mxxxx.com.au"
}
}

franse · August 13, 2025, 12:00am

I'm facing an error here, but hard to catch, let me do some more test please

daves88 · August 13, 2025, 12:05am

No problem. Honestly I don’t think this was ever resolved. The above patch released years ago is the only band aid solution I have found. And over the years who knows what could have changed with iOS updates that renders that patch useless now. Very frustrating that I’m stuck with an issue as simple as allowing a mobile app to login.

franse · August 13, 2025, 12:46am

How is your login step?

Can you make a simple login (on ios) and then navigate with dmx.app.data on the console till you get to the api form?
I get an error like
lastError: message: "Response was not valid JSON"

daves88 · August 13, 2025, 1:08am

I have no login error.. I can login fine: 1. lastError:

message: ""
response: null
status: 0

franse · August 13, 2025, 1:12am

Got it working in my case, I think the problem showed above comes on how response arrives..
I think it differs on apache/nginx but I'm not entirely sure:

Try this:
Delete the server thing on your capacitor.config.json and use https://localhost (add it for cors)
Disable http plugin

Server side:

Security provider:

config.json:

{
  "debug": true,
  "secret": "XXXXX",
  "port": 5000,
  "cors": {
    "origin": [
      "capacitor://",
      "capacitor://localhost",
      "http://localhost",
      "capacitor-electron://localhost",
      "http://localhost:61950",
      "https://localhost"
    ],
    "allowedHeaders": "accept,authorization,content-type,origin,referer"
  }
}

Client side:
capacitor.config.json:

{
  "appId": "com.example.app",
  "appName": "helloworld",
  "webDir": "www",
  "bundledWebRuntime": true,
  "plugins": {
    "CapacitorCookies": {
      "enabled": true
    },
    "CapacitorHttp": {
      "enabled": false
    }
  }
}

apiform:

<form is="dmx-api-form" id="apiform1" method="post" credentials="true" action="https://mydomain.com/api/test/mobilelogin">

PS: Don't forget to include credentials=true on api login form..

daves88 · August 13, 2025, 1:24am

franse:

{
  "appId": "com.example.app",
  "appName": "helloworld",
  "webDir": "www",
  "bundledWebRuntime": true,
  "plugins": {
    "CapacitorCookies": {
      "enabled": true
    },
    "CapacitorHttp": {
      "enabled": false
    }
  }
}

Thank you.. which capacitor.config.json are you referring to? ios/App/App/capacitor.config.json or ios/capacitor.confiog.json ?? also which config.json are you referring to? I dont have a config.json

daves88 · August 13, 2025, 1:34am

on my server side config I have this: {
"debug": true,
"secret": "xxxxx",
"cors": {
"origin": [
"https://app.xxxxxxcom.au",
"capacitor://",
"capacitor://localhost",
"http://localhost",
"capacitor-electron://localhost",
"http://localhost:55727",
" http://127.0.0.1:55727"
],
"methods": "GET,POST,OPTIONS,PUT,PATCH,DELETE,CONNECT",
"allowedHeaders": "accept,authorization,content-type,origin,referer, x-requested-with"
},

franse · August 13, 2025, 1:38am

You don't have a capacitor.config.json on root folder?

Edit that one, then when clicking build button, the bundler should make automatically another version for the iOS

Try adding https://localhost (with https)