AFNetworking saves cookies created on server forever?

Question

I have such problem with my iOS application. I use AFNetworking to communicate with my REST api on node.js (powered by express.js) server.

I have 2 endpoints one for login and another for logout. When user logins I create cookie on server side middleware like this:

res.cookie(config.auth.cookieName, req.token, {
    domain: config.domain,
    maxAge: config.auth.tokenTtl * 60 * 1000,
    httpOnly: true,
    secure: config.auth.secure
});

And when user logouts I delete it:

res.clearCookie(config.auth.cookieName, { domain: config.domain });

Everything works except my iOS app behaves strangely however the logic is simple: on root view controller I make request to server and if auth fails perform segue to login view controller.

So.. I ran my app in simulator, login and then logout - everything works fine - app segue takes me back to login. Close simulator.

BUT! when I ran simulator again I should be on login page (cause I've done logout in previous session) instead of that I'm authorized again..

And I'm trying to understand whether AFNetworking doing smth wrong.. or server cookies..

Answer 1

There used to be a bug when using POST and clearing cookies on AFNetworking. Not sure what version you are using though. My guess is that it's still stored in AFNetworking and sent upon the next requests.

Have you tried clearing the cookies on the client-side (in AFNetworking?)

Something like:

NSArray *cookies = [[NSHTTPCookieStorage sharedHTTPCookieStorage] cookiesForURL: networkServerAddress];
for (NSHTTPCookie *cookie in cookies) 
{
    [[NSHTTPCookieStorage sharedHTTPCookieStorage] deleteCookie:cookie];
}