Fixes affiliation api session cookie issue when switching netid users.

uw-it-aca · Jun 25, 2020 · 2c83756 · 2c83756
1 parent 695b9b4
commit 2c83756
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 2 deletions.
diff --git a/myuw-ios/AppAuthController.swift b/myuw-ios/AppAuthController.swift
@@ -471,9 +471,13 @@ extension AppAuthController {
                 var urlRequest = URLRequest(url: affiliationURL!)
 
                 // send id token in authorization header
-                os_log("ID token: %@", log: .appAuth, type: .error, self.authState?.lastTokenResponse?.idToken ?? "NONE")
+                os_log("ID token: %@", log: .appAuth, type: .info, self.authState?.lastTokenResponse?.idToken ?? "NONE")
                 urlRequest.setValue("Bearer \(self.authState?.lastTokenResponse?.idToken ?? "ID_TOKEN")", forHTTPHeaderField: "Authorization")
 
+                // disable cookies for API requests - gets around session cookie issues with middleware
+                urlRequest.httpShouldHandleCookies = false
+                os_log("affiliation api urlrequest cookies: %@", log: .appAuth, type: .info, urlRequest.httpShouldHandleCookies.description)
+
                 // create a task to request affiliations from myuw endpoint
                 let task = URLSession.shared.dataTask(with: urlRequest) {
                     data, response, error in DispatchQueue.main.async {
@@ -566,7 +570,7 @@ extension AppAuthController {
                             os_log("userAffiliations: %{private}@", log: .appAuth, type: .info, User.userAffiliations)
 
                         }
-
+                            
                         // transition to the main application controller
                         self.showApplication()
 

diff --git a/myuw-ios/WebViewController.swift b/myuw-ios/WebViewController.swift
@@ -286,6 +286,8 @@ extension WKWebView {
             // pass the authorization bearer token in request header
             request.setValue("Bearer \(ProcessPool.idToken)", forHTTPHeaderField: "Authorization")
 
+            os_log("webview urlrequest cookies: %@", log: .webview, type: .info, request.httpShouldHandleCookies.description)
+
             // load the request
             os_log("loading request: %@", log: .webview, type: .info, url.absoluteString)
             os_log("loading headers: %@", log: .webview, type: .info, request.allHTTPHeaderFields!)