Cookie support for SharePoint on mobiles
https://sharepoint.stackexchange.com//questions/22907
-
06-12-2019 - |
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
How does mobile browsers deal with cookies?
I'm optimizing a customer's network site to work on mobile devices, and they would like to avoid getting prompted for logins every time they visit the site on their mobile devices (smartphones, tablets, ipads etc). So I was just wondering if SharePoint cookies are supported on mobile browsers and how to manage them properly.
I haven't succeeded in finding anything related to this on Google nor Bing.
Solution
The unfortunate answer is "it depends on the browser and the settings":
- Safari on iOS
By default Safari rejects all cookies, regardless. The user can change this in the settings from "Never accept cookies" to "From visited" or "Always". Updating iOS reset this setting back to "Never". - Opera Mobile
By default cookies are accepted, but can be turned off. - Opera Mini
Cookies are stored on the Opera servers and submitted to sites for you. Can be cleared by the client. - IE on Windows Mobile 6.5
Cookies are accepted by default.
In general, if the user's enabled cookies, and you're issuing them from the same server as the site (unlike for example the ones from stackauth.com that power SE sites), you should be ok - but if you're setting a large number of cookies, or storing more than a token in them, you should be careful - the Specification notes:
Practical user agent implementations have limits on the number and size of cookies that they can store. General-use user agents SHOULD provide each of the following minimum capabilities:
- At least 4096 bytes per cookie (as measured by the sum of the length of the cookie's name, value, and attributes).
- At least 50 cookies per domain.
At least 3000 cookies total.
Servers SHOULD use as few and as small cookies as possible to avoid reaching these implementation limits and to minimize network bandwidth due to the Cookie header being included in every request.
Note that these are for "General-Use" browsers - so Mobile browsers could well implement lower specifications, and pay attention to the server note in there.
Looking at a fairly minimal default install, I'm only seeing a couple of cookies from an Intranet style site. If you're using Forms Authentication then you'll be setting at least one more cookie for authentication and possible a session cookie as well.
