homepage Welcome to WebmasterWorld Guest from 54.196.197.153
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member
Home / Forums Index / Code, Content, and Presentation / HTML
Forum Library, Charter, Moderators: incrediBILL

HTML Forum

    
Persistent cookies for mobile
Alternative ways to recognize returning users
GoNC




msg:4685060
 8:12 am on Jul 4, 2014 (gmt 0)

When a site users logs in to my site, I give them the option of "Remember me". A cookie is set, and if they select "Remember me" then they're given a cookie with an expiration date 1 year in the future.

I'm constantly battling the issue that mobile browsers (specifically, Safari for iPhone and whatever Android uses by default) don't seem to recognize these persistent cookies, though. So every time a user returns to my site, they have to log back in. I have constant complaints about it, but I'm 99.9% sure it's the browser's fault.

Any suggestions on an alternative method to recognize returning users? I've read references to "known IDs", referring to unique IDs for a device (I guess like a MAC ID?), but I can't find a lot of detail on it.

 

penders




msg:4685140
 2:56 pm on Jul 4, 2014 (gmt 0)

Just to clarify... these are first-party cookies, not third-party cookies?

AFAIK all relatively modern mobile browsers support persistent first-party cookies by default. Chrome (the default browser on Android these days) certainly does. I can't be sure off hand whether the previous "Android browser" did - but I'm pretty sure it did. (To be honest I would be very surprised if it didn't.)

(IMO, it is easier to disable cookies on a mobile browser. And mobile browsers do not seem to differentiate between first/third party cookies!?)

I've read references to "known IDs", referring to unique IDs for a device (I guess like a MAC ID?), but I can't find a lot of detail on it.


Not sure about this, but I imagine these are only available to native apps that have the required permissions?

incrediBILL




msg:4685800
 1:05 am on Jul 8, 2014 (gmt 0)

As an example of persistent cookies, which WebmasterWorld uses, I'm always logged in when I open WebmasterWorld in any mobile browser without issue.

YMMV

GoNC




msg:4685822
 2:03 am on Jul 8, 2014 (gmt 0)

It all seems to be specific to the browser version. I use Android and have no problem staying logged in, but my GF uses an iPhone, and neither Safari nor Chrome will stay logged in.

Reading online, I'm reading reports that about 60% of the browsers will recognize persistent cookies. There are a lot of variables at play, though; I've read that you could have two identical phones, and one will support persistent cookies while the other won't.

Eventually, there's going to have to be a replacement to cookies if this lack of support continues.

lucy24




msg:4685828
 2:16 am on Jul 8, 2014 (gmt 0)

And mobile browsers do not seem to differentiate between first/third party cookies!?

Mobile Safari-- at least the iPad version-- does. By default, only first-party cookies are enabled.

I found where to change the prefs and how to delete all existing cookies, but I'm ### if I can find where to see individual cookies. It would obviously be easier to isolate the problem if you could simply go to the site in the mobile browser of your choice, and see what-if-any cookies it sets.

If you log your headers: Do requests from mobiles ever include the "Cookie:" field?

penders




msg:4685960
 10:48 am on Jul 8, 2014 (gmt 0)

And mobile browsers do not seem to differentiate between first/third party cookies!?


Sorry, that is a bit of a generalised statement. Just to clarify, I'm referring to the browser preferences that allow you to enable/disable third party cookies separately.

To be more specific... on Android... "Chrome", "Dolphin" and "Next" browsers only appear to have an On/Off cookie option (no differentiation between first and third party cookies).

However, "Firefox" and "Opera" do allow you to control third party cookies separately (default enabled in both cases).

The "UC Browser" doesn't appear to have any option to enable/disable cookies (that I can see)!? But it does support persistent cookies.

Just a thought... is it possible that some of these non-compliant browsers are set to "delete cookies on exit"?!

... but my GF uses an iPhone, and neither Safari nor Chrome will stay logged in.


There appears to be an issue if the webpage is saved as a bookmark on the home screen (or a "bookmarklet")? Persistent cookies might not be recalled in this instance?! The workaround seems to be to use localStorage?

[stackoverflow.com...]
[stackoverflow.com...]

penders




msg:4685964
 11:14 am on Jul 8, 2014 (gmt 0)

I can't be sure off hand whether the previous "Android browser" did - but I'm pretty sure it did.


I've just fired up my old Android tablet, which has the original "Android browser" (version 4.0.3-20120401) and this does indeed support persistent cookies. There is just one setting in preferences to enable/disable.

...but I'm ### if I can find where to see individual cookies.


Android browsers don't seem to show this information either. (Maybe a plugin for Dolphin?!)

Dammy




msg:4686060
 4:25 pm on Jul 8, 2014 (gmt 0)

Please are u setting the cookie with js or php or what language are u using?

GoNC




msg:4686183
 9:41 pm on Jul 8, 2014 (gmt 0)

Please are u setting the cookie with js or php or what language are u using?


Mostly I'm setting the cookie with Perl, but I tried setting a persistent cookie with Javascript and had the same result.

lucy24




msg:4686189
 10:11 pm on Jul 8, 2014 (gmt 0)

what language are [yo]u using

It shouldn't make any difference, should it?, unless the problem turns out to be that the cookie-setting code isn't working at all. Setting a cookie is not difficult. Translation: I can do it.

penders




msg:4686208
 12:56 am on Jul 9, 2014 (gmt 0)

...It shouldn't make any difference, should it?


With regards to JS vs PHP/Perl (or any other server-side language), it's possible to set an HttpOnly cookie in the HTTP response that is not accessible to JS.

Dammy




msg:4686457
 6:41 pm on Jul 9, 2014 (gmt 0)

when u ar setting up cookie with js, some browser may nt support it, maybe u cn use php's setcookie() to verify...

lucy24




msg:4686471
 7:59 pm on Jul 9, 2014 (gmt 0)

it's possible to set an HttpOnly cookie in the HTTP response that is not accessible to JS.

Ah, useful to know.

In this particular site, is the login processing and/or cookie recognition done in a script, or server-side? The question is probably a red herring, but it's good to take care of all variables.

:: vague mental association with "take arms against a sea of troubles" ::

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Code, Content, and Presentation / HTML
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved