Skip to content

fix(ios): remove CapacitorCookies — splits cookie store and breaks auth#32163

Merged
Jasonnnz merged 1 commit into
mainfrom
jz/remove-capacitor-cookies
May 26, 2026
Merged

fix(ios): remove CapacitorCookies — splits cookie store and breaks auth#32163
Jasonnnz merged 1 commit into
mainfrom
jz/remove-capacitor-cookies

Conversation

@Jasonnnz
Copy link
Copy Markdown
Contributor

@Jasonnnz Jasonnnz commented May 26, 2026

Summary

  • Remove plugins.CapacitorCookies.enabled: true from capacitor.config.ts
  • CapacitorCookies patches document.cookie to write to native HTTPCookieStorage, but fetch() still reads from WKWebView's own cookie jar — creating a split-brain where installSessionCookies() writes to one store and getSession() reads from another
  • This caused both the initial login flow and biometric recovery to fail: cookies were written but never seen by fetch-based session checks
  • Biometric Keychain recovery (merged in fix(ios): persist session across app kills via CapacitorCookies + biometric recovery #32153) is the correct session persistence mechanism and doesn't depend on cookie store behavior

Test plan

  • Build and run on physical iOS device
  • Sign in → verify successful authentication (no double sign-in)
  • Force-quit and reopen → Face ID should restore session
  • Sign out → reopen → should show login screen (no stale recovery)

🤖 Generated with Claude Code

@claude
fix(ios): remove CapacitorCookies — splits cookie store and breaks auth
99a417e 
CapacitorCookies patches document.cookie to write to native
HTTPCookieStorage, but fetch() still reads from WKWebView's own
cookie jar. This creates a split-brain: installSessionCookies()
writes to native storage, but getSession() (via fetch) never sees
the cookie. Biometric recovery and the initial login flow both fail
because the session check always returns unauthenticated.

Biometric Keychain recovery is the correct session persistence
mechanism — it survives app kills regardless of cookie store behavior.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@Jasonnnz Jasonnnz self-assigned this May 26, 2026
@Jasonnnz Jasonnnz merged commit 84db06c into main May 26, 2026
7 checks passed
@Jasonnnz Jasonnnz deleted the jz/remove-capacitor-cookies branch May 26, 2026 20:48
@vellum-apollo-bot vellum-apollo-bot Bot mentioned this pull request May 27, 2026
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@Jasonnnz Jasonnnz

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@Jasonnnz