17 Aug 2012 1:01 AM #1
Unanswered: Forcing re-authentication after offline usage on iOS devices?
My Sencha Touch application resides on an Apache server with server-side basic authentication, i.e. upon the first connection, the user has to enter his/her credentials via the browser prompt. The application then gets cached using the cache.manifest and provided HTML5 mechanisms. If I take my iOS device offline and re-open the page, I can see and use the cached version just fine.
When taking my device online again, it is always using the cached version of my page but I'd rather like to sync the cache with the server (which, of course, requires a re-authentication with the server).
Is it possible to somehow force the user to re-authenticate his/herself on startup? Or am I doing something entirely wrong and the source of the problem is not the authentication?
The interesting thing is that it works as intended when only using the Safari browser, because it seems to cache the credentials too. If I, however, install the App to my homescreen, I still only get the cached version.
I am glad for every advice!
20 Aug 2012 5:15 AM #2
- Join Date
- Mar 2007
- Gainesville, FL
- Vote Rating
What happens if you do an Ajax request? Will it fail and with a status code that says you need to auth?
I personally never use basic auth as passwords are sent in plain text, it has no security really.Mitchell Simoens @SenchaMitch
Sencha Inc, Senior Software Engineer
Check out my GitHub, lots of nice things for Ext JS 4 and Sencha Touch 2
Think my support is good? Get more personalized support via a support subscription. https://www.sencha.com/store/
Need more help with your app? Hire Sencha Services email@example.com
Want to learn Sencha Touch 2? Check out Sencha Touch in Action that is in print!
When posting code, please use BBCode's CODE tags.
20 Aug 2012 11:36 PM #3
thanks for your answer. I know that basic auth is not secure at all, however, I am forced to use it since the server uses the provided credentials to set several access permissions for the user, and I have no influence on its architecture. Additionally, the user in our scenario will only reach the server through a VPN.
Unfortunately I can't really see what's going on since I don't have a debug console when starting the app from the homescreen (undecorated Safari) and it works as intended when using the "normal" Safari.
It has to have to do with authentication and caching, because, if I don't use the cache.manifest, the undecorated Safari requests the credentials each time I open the app from the homescreen.
14 Nov 2012 12:27 PM #4
I am having the same issue. I use an Ajax request to post username and password to the server. I can pull it up just fine in Safari. When I bookmark to the home screen it always works the first time. But when I pull the bookmark back up it appears iOS goes into some kind of offline mode that doesn't happen in Safari. The result code for the failure is 0 and my server logs don't show any requests.
I have researched this quite a bit. Going to far as to change my cache manifest to cache.manifest from cache.appCache (I used sencha cmd 3 and touch 2.1 for the app running on iOS 6.01) as well as changing the apple-mobile-web-app-capable to no and making sure that the apple-touch-icon references all show up in my root directory. That was part of a tip for someone using a mapping application that wasn't working right.
I suspect Apple changed how these ran in iOS 6 and just hasn't told anybody. But until I find a work around I have no choice but to run the app in the browser.
15 Nov 2012 12:49 AM #5
the issue still persists and I am forced to disable the cache manifest completely. I may note that it makes no difference whether I use iOS 5 or 6.
I am looking forward to a solution.
21 Nov 2012 6:40 AM #6