Titanium Community Questions & Answer Archive

We felt that 6+ years of knowledge should not die so this is the Titanium Community Questions & Answer Archive

Cookies are not set on Titanium Desktop OS X

I experience a strange behavior with how Titanium Desktop sets cookies. It seems it does not set/update cookies if requested from a Ajax call.

I run an ExtJS based Javascript application in Titanium with a local web-server as backend that sets a session cookie. My complete application is just a single index.html file and the rest is basically AJAX calls to my web-server.

It seems that an AJAX response with a set cookie header is ignored. Only when I serve the index.html from my web-server like instead of app://index.html the cookie gets set in Titanium. Once the cookie is set it is not updated by a new cookie in a response header of an AJAX call. So when a cookie expires on my web-server and the server creates a new session it is ingored by Titanium that keeps sending the old cookie.

Strangely, I don't see the cookie in document.cookie or in the Web-inspector, but it is clearly set because it is included in all AJAX calls. I also don't know where Webkit cookies get stored, apparently not in network_httpclient_cookies.dat.

I suspect a bug here, and it seems to be OS X only since setting cookies always have worked flawlessly for more than a year while I developed the application under Linux.

— asked April 17th 2010 by Stefan Washietl
  • cookie
  • desktop
  • osx

4 Answers

  • Do not use cookies, use localStorage(?).

    — answered April 18th 2010 by Aleksandr Beshkenadze
    1 Comment
    • Well, yeah, but sometimes we may be building desktop applications that are designed to inter-operate seamlessly with existing web applications / apis. If they're already sending session cookies, then yeah, it'd be nice to simply use them.

      Anyway, if the Titanium developers can patch the runtime to accept cookies within the app:// domain, that'd be sweet, but in the meantime I'm attempting to get the "invisiwindow" workaround to work for me. :)

      — commented October 7th 2010 by Joshua Pruitt
  • I've found a workaround by creating an invisible Titanium window and setting the URL to some empty page of my web-app. This sets the session cookie and I can close this window right after the page has loaded.

    I've also tried using a hidden iframe but this does not set the cookie either.

    I'm not sure if I should file a bug for this. Things are complicated because it is not clear what domain app://index.html really is and I'm also not sure whether XMLHttp requests should set cookies. At least there is an inconsistency between Linux and OSX.

    I'd still be interested though were Titanium Webkit actually stores the cookies. This would help debugging.

    @Aleksandr: Thanks for the tip but I don't want to add code myself for maintaining my session. My web-app server (Catalyst, something like "Perl on Rails") handles all this transparently through HTTP headers and cookies.

    — answered April 18th 2010 by Stefan Washietl
    1 Comment
    • I'm having the same problem myself. Did you ever figure out a more permanent solution? If not, can you tell me a little bit further how to create the invisible window? Thanks.

      — commented September 20th 2010 by Riley Dutton
  • I can confirm that this is definitely a bug if comparison with Titanium Desktop for other platforms is to be trusted. I normally work in Windows and Linux and my application works with cookies for authentication without problem. The same application fails to save cookies on OSX.

    The worst part is that the application I am developing will mostly run on OSX. I really hope they will fix this in 1.2 final.

    — answered July 6th 2011 by Miloš Rašic
    1 Comment
    • I have managed to get my application to work on OSX a couple of times. It seems that if I do something quickly after logging in, the cookie will work and my ajax requests are considered authenticated. If I leave the application idle for some time, my ajax requests are rejected. It seems that Titanium Desktop for OSX is either expiring the cookies very quickly or corrupting them in some way so that the data is no longer recognized by the server.

      — commented July 6th 2011 by Miloš Rašic
  • I've found the reason why the sessions didn't work on my application, and it might be similar for the other people who have this problem. Desktop SDK 1.2RC has no problem with cookies on OSX. My problem was the fact that this version of Titanium Desktop sends an empty User-Agent header then suddenly starts sending junk as User-Agent header in a random moment. My server code validates the user agent in order to prevent session hijacking so it considered the session invalid because user agent didn't match. I fixed this by setting User-Agent header to my own value with

    httpClient.setRequestHeader('User-Agent', 'my own value you do not need to know');

    For those interested in doing their own debugging, Titanium Desktop applications save the cookie in a cookies.dat file in their data directory. For example, an application called MyApp running for user Me would save the cookie in /Users/Me/Library/MyApp/cookies.dat

    — answered July 6th 2011 by Miloš Rašic
The ownership of individual contributions to this community generated content is retained by the authors of their contributions.
All trademarks remain the property of the respective owner.