Nativescript: HTTP Cookies support for XHR
Our current XMLHttpRequest implementation tries to mimic the browser ones as much as possible. While doing that it eschews adding support for cookies on the XHR object itself. This is nice, but we still need an API that allows programmers to work with cookies
Browsers automatically parse and send cookies for every request. We could probably implement similar functionality e.g. a global cookie jar. We also need a way to manipulate that one, similar to the web document.cookie entrypoint.
It should be possible to work with cookies at the moment, but it is probably extremely inconvenient. I guess it would involve parsing Set-Cookie headers and concatenating strings in the correct cookie format and sending them back as a Cookie HTTP header.
Related issues:
- https://github.com/NativeScript/NativeScript/issues/1833 -- the original multiple header values issue fixed on master, but the original problem is related to working with cookies.
Want to back this issue? Post a bounty on it! We accept bounties via Bountysource.
hdeshev
All 21 comments
Delaying implementation since API's relying on cookies are really rare. We may reconsider if someone comes up with a popular API that needs cookies.
hdeshev
on 3 Aug 2016
What about session management? Best practice for wep applications is to send session information in an http only cookie. If a developer wants to use the same interface for web apps and mobile apps written in nativescript, then you either need to write additional code server side to handle api requests from mobile applications in a different manner, or you need to manage cookies on the mobile app.
spbond
on 26 Jan 2017
I'm working on a library that provides a user authentication interface for Google HTTP Functions. As such, I need session management, and after some research, I was convinced that using http-only cookies was the most secure approach.
Prior to that, JWT was my first obvious choice. But after reading about JWT not being recommended for session management, I decided to go with client-sessions, which uses Set-Cookie headers in responses. It was like the best of both worlds to me, because I wouldn't have to deal with storage on the client-side, or tell people to add extra code in their clients. Browsers do it automatically, and ReactNative has some support.
As a partner in my current company, I'm tasked with making decisions about which frameworks we use in different projects. In this case, a mobile app. React is usually not in my list of choices (and ReactNative by association), but I was asked to justify why not use it, because it's a famous framework after all. But while making a pitch for NativeScript, I found myself in a hard place because of lack of better cookie support.
I still plan to add JWT support to my library, even if it's allegedly "less secure" or more complex to work with. However I believe that NativeScript could benefit from having better cookie support. For one thing, It would keep me from even considering ReactNative (or anything else really) to be the mobile client framework of choice for APIs created with my library.
If I'm mistaken about my assumptions of JWT, I'd appreciate some pointers.
pauloddr
on 18 May 2017
I ran into this same issue with regards to cookies and http requests in nativescript. it was after trying so hard I had to admit that cookies are not yet supported. I really need this functionality, I need to mimic session management like the browser for a website I am trying to integrate with an app I am designing. In my opinion, this situation is not a rare one.
Well done guys. You are doing a great job with NativeScript
jilenloa
on 28 Jun 2017
My app relies on cookie to save session data for user auth, and I think cookie is a fundamental feature of modern apps, especially for ones using distributed session data.
I think cookie is a core feature and is not optional.
I tried the credentials: 'include' option of your fetch module, but it does not work.
Hope the cookie feature can come as soon as possible.
Thank you very much.
bigradish
on 9 Nov 2017
Hi @hdeshev , We are developing a internal app store to our company and it has lot of api's to deal with cookies. Is there a way to expedite this feature. In iOS, XHR calls are taking the cookies by default but its in android, i have to set cookie header manually..
harishdvlng
on 26 Apr 2018
Whaw, a show stopper. no cookie support in http.. module...
workaround anyone ? (dont want to roll my own)
pedromorgan
on 5 Jun 2018
I'm also in need of cookies, any update on this?
alx741
on 8 Jul 2018
any updates on this?
bhavincb
on 17 Sep 2018
Would love to see this moving forward
SkupeZZ
on 30 Oct 2018
+1
xpleria
on 11 Nov 2018
Any development on this front please? I need cookies as well for an API I have no control over but expects cookies.
iconicsammy
on 29 Dec 2018
ASAP...
BambiHaber
on 20 Mar 2019
Actually im using fetch, and it seems to work...
BambiHaber
on 21 Mar 2019
Actually, we use the http module from Nativescript, and it does. But there's no control over cookies, so it's not possible to delete them.
mtancoigne
on 3 May 2019
Can someone actually implement this? Or we are literally have to rewrite our authentication method to use token-based instead. HAHA
jcfrane
on 4 Jun 2019
any update on this?
kyawzintun
on 18 Dec 2019
I switched to Flutter a year ago, primarily for this issue (blessing in disguise)
pedromorgan
on 18 Dec 2019
Any update on this?
mhtsharma948
on 30 Jul 2020
I think this could be handled externally in nativescript-https. Almost everything is there to handle it. What i miss is to understand what s wanted and what the API would look like.
farfromrefug
on 30 Jul 2020
Big thanks @farfromrefug just checked that repo and solved my setting cookie problem 馃憤
lukesUbuntu
on 29 Oct 2020
Related issues
tjvantoll
路
46Comments
rclai
路
52Comments
AbanoubNassem
路
53Comments
valentinstoychev
路
136Comments
ikhsan017
路
55Comments
Most helpful comment
Would love to see this moving forward