fix(ios): recover session from biometric Keychain when cookies are missing #32150
…ssing Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: c5eb67a6b7
| installSessionCookies(token); | ||
| const retryResult = await getSession(); | ||
| if (retryResult.ok && retryResult.data.user) { |
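Review bot: the failure side of `if (retryResult.ok && retryResult.data.user)` needs an explicit cleanup, which these lines do not show. By the time the retry probe runs, `installSessionCookies(token)` has already copied the Keychain token into the cookie store, so when the probe comes back without a user the token stays installed as a session cookie the server has not accepted. Suggest removing the installed cookies on that path and returning a distinct "recovery failed" result to the caller, and adding a short comment that states what happens to the token when the check fails.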
Wait for cookie flush before probing recovered session
After writing the recovered token with installSessionCookies(token), this immediately calls getSession() once. In WKWebView, cookie writes are asynchronously flushed to the HTTP cookie store, so the first probe can still be unauthenticated even with a valid token; this causes initSession() to incorrectly fall through to logged-out state and makes biometric recovery flaky on iOS cold starts.
|
|
||
| // Biometric recovery: on iOS, the session cookie may have been lost | ||
| // when WKWebView was killed. Try to restore from Keychain via Face ID. | ||
| if (isNativePlatform() && isBiometricEnabled()) { |
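Review bot: the guard `isNativePlatform() && isBiometricEnabled()` is broader than the comment directly above it, which describes an iOS-specific WKWebView problem and a Face ID restore. If the app has any native build other than iOS, this branch runs there as well. Suggest either checking the platform explicitly in the condition or rewording the comment so the guard and its documentation describe the same set of devices.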
Restrict biometric fallback to auth-cookie failures
The biometric branch runs for every initial session miss, including transient network errors or server 5xx responses from getSession(), not just missing/expired auth cookies. On native devices with biometrics enabled, this can trigger unnecessary Face ID/Touch ID prompts during outages or offline resumes, even though recovery cannot succeed in those conditions.
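One way to combine the two review suggestions above, as an added example that is not code from this PR: prompt for biometrics only when the server actually reported "not logged in", then re-probe a bounded number of times so a late cookie flush is not read as a failed recovery. `getSession` and `installSessionCookies` are the names visible in the diff; `classifySessionResult`, `recoverSession`, `readBiometricToken`, `clearSessionCookies` and the `status` field on a failed result are assumptions made for illustration.

```javascript
// Added example. Hypothetical names: classifySessionResult, recoverSession,
// readBiometricToken, clearSessionCookies. Assumption: a failed getSession()
// result exposes the HTTP status as `status` (0 when there was no response).

// Separate "server says you are not logged in" from "could not ask".
function classifySessionResult(result) {
  if (result.ok) {
    return result.data && result.data.user ? "authenticated" : "unauthenticated";
  }
  if (result.status === 401 || result.status === 403) return "unauthenticated";
  return "transient"; // offline, timeout, 5xx: a restored token cannot help
}

const realSleep = (ms) => new Promise((resolve) => setTimeout(resolve, ms));

async function recoverSession(deps, opts = {}) {
  const { getSession, readBiometricToken, installSessionCookies, clearSessionCookies } = deps;
  const { attempts = 4, baseDelayMs = 50, sleep = realSleep } = opts;

  const first = await getSession();
  const initial = classifySessionResult(first);
  if (initial === "authenticated") {
    return { state: initial, user: first.data.user, prompted: false };
  }
  // No Face ID / Touch ID prompt during an outage or offline resume.
  if (initial === "transient") return { state: initial, user: null, prompted: false };

  const token = await readBiometricToken(); // this is the biometric prompt
  if (!token) return { state: "unauthenticated", user: null, prompted: true };
  installSessionCookies(token);

  // The cookie write may not be visible to the first request, so probe a
  // bounded number of times with exponential backoff instead of once.
  for (let i = 0; i < attempts; i++) {
    const probe = await getSession();
    const state = classifySessionResult(probe);
    if (state === "authenticated") return { state, user: probe.data.user, prompted: true };
    // Token may still be valid; keep it and let a later start retry.
    if (state === "transient") return { state, user: null, prompted: true };
    if (i < attempts - 1) await sleep(baseDelayMs * 2 ** i);
  }
  clearSessionCookies(); // server never accepted the token: do not leave it behind
  return { state: "unauthenticated", user: null, prompted: true };
}
```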
…metric recovery (#32153)

* fix(ios): enable CapacitorCookies to persist session cookies across app kills (#32147)
  Co-authored-by: Vellum Assistant <assistant@vellum.ai>
  Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* fix(ios): add WKAppBoundDomains for reliable cookie persistence (#32148)
  Co-authored-by: Vellum Assistant <assistant@vellum.ai>
* fix(ios): recover session from biometric Keychain when cookies are missing (#32150)
  Co-authored-by: Vellum Assistant <assistant@vellum.ai>
  Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* fix(ios): clear biometric Keychain token on logout (#32149)
  Co-authored-by: Vellum Assistant <assistant@vellum.ai>
  Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* fix: remove stray merge conflict marker from auth-store test

---------

Co-authored-by: Vellum Assistant <assistant@vellum.ai>
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Summary
Part of plan: ios-session-persist.md (PR 2 of 4)