https://supertokens.com/
Join Discord
On Clearing Cookies or Using incognito Mode in React Native Webview Android, SuperToken Session is e...
# support-questions-legacy
m
On Clearing Cookies or Using incognito Mode in React Native Webview Android, SuperToken Session is expired. Can anyone help me here?
r
hey @malikkhoja can you please describe the steps that you are doing? I don't quite understand from the description.
m
Login with SuperToken using PasswordLess, than we have a webview in which we have to either put incognito mode or if we clear cookies if user clicks back button on webview. So once we clear cookies or if we use incognito mode of webview, ever our session with supertoken is expired
So needed help here to solve the issue
@rp_st Can you please help
r
so there exists a session already in the react native app (independent of the web view)?
And somehow that's cleared when the web view's session (which is supposed to be a different session) gets cleared?
m
Yes
r
That’s odd. How are you creating a session in the web view?
m
We are not creating session in Webiew. We simply open a payment gateway url in webview with incognito={true} and this clears SuperToken's Session as well
r
And that supertokens session is in the react native app?
m
Yes
r
Perhaps @nkshah2 can help here.
n
Hi, have you done any setup to sync cookies in the webview with the rest of the app?
m
Nope we havent. Reason to add incognito in web view is that if user opens payment gateway and want to go back from that point and then wants to re initiate the payment flow, payment gateway has cookies and gives error saying clear cookies and try again. So if we clear cookies using react-native-cookies library method CookieManager.clearCookie then SuperToken session cookies are also cleared and we get 401. The same happens when we use incognito={true} prop in webview
n
Right so 
react-native-cookies
works for both native cookies and the webview cookies. Clearing using the manager will also clear for the native side of things and clear the session cookies we create
If you want the webview to be isolated in terms of session its probably easier to launch a webview without it using credentials. Simply using an incognito chrome tab/webview instance should be enough to not have it share cookies with other webviews or the rest of your app
You should not need to clear cookies manually
m
Even if we do not clear cookies manually and simply use incognito prop of webview, still the session of supertoken is gone and we get 401
n
Can I see the code for when you launch the webview?
Also can you confirm that logging in and checking for a session without launching the webview at all works correctly?
m
Yes all works perfectly fine if we do not use incognito={true}
Even webiew works fine
Code for WebView
<WebView ref={webViewRef} source={{ uri: authLink }} renderLoading={() => ( )} style={flexOne} automaticallyAdjustContentInsets={false} javaScriptEnabled={true} domStorageEnabled={true} originWhitelist={["*"]} decelerationRate="normal" startInLoadingState={true} thirdPartyCookiesEnabled={false} sharedCookiesEnabled={false} scalesPageToFit={true} incognito={true} scrollEnabled={true} useWebKit={true} onShouldStartLoadWithRequest={handleShouldLoad} bounces={true} onNavigationStateChange={handleWebViewNavigationStateChange} />
n
And you arent calling CookieManager.clearAll() anywhere in your code?
m
Nope
just incognito={true}
As it was not working with incognito={true} we had tried an alternate solution of CookieManager.clearAll()
But that didnt work either
n
Are you using 
react-native-webview
?
m
yes
n
Is this only Android per chance or iOS as well?
m
We are facing this in Android Only
Didnt test this on IOS
n
So im looking at the source code for react native webview and it looks like they clear all cookies when incognito is set to true on Android (https://github.com/react-native-webview/react-native-webview/blob/master/android/src/main/java/com/reactnativecommunity/webview/RNCWebViewManager.java#L499) Im not sure why this would be required for them to do but that looks like the source of this problem
m
Yeah and we need it to clear cookies of payment gateway. Also cookie manages doesnt expose provision of clearing cookie specific to any url. This method is only available in IOS
I believe SuperToken saves token in AsyncStorage, so even if cookies are cleared, cant it pick from asyncStorage again?
n
We rely on both async storage and cookies at the moment. We are working on having it rely only on headers which would solve this issue, but that wont be released till next week or so
m
I saw a PR that was merged 2weeks back. Can we expect that release this week or so?
n
Yeah we just need to finish up (testing etc) and is slated for next week
m
Ohk. Would you help us with a workaround till we get the next release
n
Yep im checking if there is a workaround here, give me a bit and ill see if I can find something
m
Sure Thanks a lot
Really appreciate your help and prompt replies
n
If youre interested in only clearing the PG cookies, then the payment gateway could clear the cookies in the initial response or something But ill check if theres a cleaner approach here
m
PG cookies gets cleared automatically based on time. But cant rely on that
Can we set cookies our selves? Like we know what cookies need to be set for super token we can do it at our end
n
You could getAllCookies before opening the webview and then set them again after the webview is done maybe
Im not 100% on that but you could try that
m
Cool, I ll give that a try
Hey it worked
Thanks for your help @nkshah2 @rp_st
n
Happy to help
10 Views
PreviousNext
Powered by

SuperTokens.com

SuperTokens is an open source authentication solution offering features like: Different types of login: Email / password, Passwordless (OTP or Magic link based).

Powered by