Welcome to WebmasterWorld Guest from 54.227.52.24

Forum Moderators: incrediBILL

Message Too Old, No Replies

Persistent cookies for mobile

Alternative ways to recognize returning users

     

GoNC

8:12 am on Jul 4, 2014 (gmt 0)



When a site users logs in to my site, I give them the option of "Remember me". A cookie is set, and if they select "Remember me" then they're given a cookie with an expiration date 1 year in the future.

I'm constantly battling the issue that mobile browsers (specifically, Safari for iPhone and whatever Android uses by default) don't seem to recognize these persistent cookies, though. So every time a user returns to my site, they have to log back in. I have constant complaints about it, but I'm 99.9% sure it's the browser's fault.

Any suggestions on an alternative method to recognize returning users? I've read references to "known IDs", referring to unique IDs for a device (I guess like a MAC ID?), but I can't find a lot of detail on it.

penders

2:56 pm on Jul 4, 2014 (gmt 0)

WebmasterWorld Senior Member penders is a WebmasterWorld Top Contributor of All Time 5+ Year Member Top Contributors Of The Month



Just to clarify... these are first-party cookies, not third-party cookies?

AFAIK all relatively modern mobile browsers support persistent first-party cookies by default. Chrome (the default browser on Android these days) certainly does. I can't be sure off hand whether the previous "Android browser" did - but I'm pretty sure it did. (To be honest I would be very surprised if it didn't.)

(IMO, it is easier to disable cookies on a mobile browser. And mobile browsers do not seem to differentiate between first/third party cookies!?)

I've read references to "known IDs", referring to unique IDs for a device (I guess like a MAC ID?), but I can't find a lot of detail on it.


Not sure about this, but I imagine these are only available to native apps that have the required permissions?

incrediBILL

1:05 am on Jul 8, 2014 (gmt 0)

WebmasterWorld Administrator incredibill is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



As an example of persistent cookies, which WebmasterWorld uses, I'm always logged in when I open WebmasterWorld in any mobile browser without issue.

YMMV

GoNC

2:03 am on Jul 8, 2014 (gmt 0)



It all seems to be specific to the browser version. I use Android and have no problem staying logged in, but my GF uses an iPhone, and neither Safari nor Chrome will stay logged in.

Reading online, I'm reading reports that about 60% of the browsers will recognize persistent cookies. There are a lot of variables at play, though; I've read that you could have two identical phones, and one will support persistent cookies while the other won't.

Eventually, there's going to have to be a replacement to cookies if this lack of support continues.

lucy24

2:16 am on Jul 8, 2014 (gmt 0)

WebmasterWorld Senior Member lucy24 is a WebmasterWorld Top Contributor of All Time Top Contributors Of The Month



And mobile browsers do not seem to differentiate between first/third party cookies!?

Mobile Safari-- at least the iPad version-- does. By default, only first-party cookies are enabled.

I found where to change the prefs and how to delete all existing cookies, but I'm ### if I can find where to see individual cookies. It would obviously be easier to isolate the problem if you could simply go to the site in the mobile browser of your choice, and see what-if-any cookies it sets.

If you log your headers: Do requests from mobiles ever include the "Cookie:" field?

penders

10:48 am on Jul 8, 2014 (gmt 0)

WebmasterWorld Senior Member penders is a WebmasterWorld Top Contributor of All Time 5+ Year Member Top Contributors Of The Month



And mobile browsers do not seem to differentiate between first/third party cookies!?


Sorry, that is a bit of a generalised statement. Just to clarify, I'm referring to the browser preferences that allow you to enable/disable third party cookies separately.

To be more specific... on Android... "Chrome", "Dolphin" and "Next" browsers only appear to have an On/Off cookie option (no differentiation between first and third party cookies).

However, "Firefox" and "Opera" do allow you to control third party cookies separately (default enabled in both cases).

The "UC Browser" doesn't appear to have any option to enable/disable cookies (that I can see)!? But it does support persistent cookies.

Just a thought... is it possible that some of these non-compliant browsers are set to "delete cookies on exit"?!

... but my GF uses an iPhone, and neither Safari nor Chrome will stay logged in.


There appears to be an issue if the webpage is saved as a bookmark on the home screen (or a "bookmarklet")? Persistent cookies might not be recalled in this instance?! The workaround seems to be to use localStorage?

[stackoverflow.com...]
[stackoverflow.com...]

penders

11:14 am on Jul 8, 2014 (gmt 0)

WebmasterWorld Senior Member penders is a WebmasterWorld Top Contributor of All Time 5+ Year Member Top Contributors Of The Month



I can't be sure off hand whether the previous "Android browser" did - but I'm pretty sure it did.


I've just fired up my old Android tablet, which has the original "Android browser" (version 4.0.3-20120401) and this does indeed support persistent cookies. There is just one setting in preferences to enable/disable.

...but I'm ### if I can find where to see individual cookies.


Android browsers don't seem to show this information either. (Maybe a plugin for Dolphin?!)

Dammy

4:25 pm on Jul 8, 2014 (gmt 0)



Please are u setting the cookie with js or php or what language are u using?

GoNC

9:41 pm on Jul 8, 2014 (gmt 0)



Please are u setting the cookie with js or php or what language are u using?


Mostly I'm setting the cookie with Perl, but I tried setting a persistent cookie with Javascript and had the same result.

lucy24

10:11 pm on Jul 8, 2014 (gmt 0)

WebmasterWorld Senior Member lucy24 is a WebmasterWorld Top Contributor of All Time Top Contributors Of The Month



what language are [yo]u using

It shouldn't make any difference, should it?, unless the problem turns out to be that the cookie-setting code isn't working at all. Setting a cookie is not difficult. Translation: I can do it.

penders

12:56 am on Jul 9, 2014 (gmt 0)

WebmasterWorld Senior Member penders is a WebmasterWorld Top Contributor of All Time 5+ Year Member Top Contributors Of The Month



...It shouldn't make any difference, should it?


With regards to JS vs PHP/Perl (or any other server-side language), it's possible to set an HttpOnly cookie in the HTTP response that is not accessible to JS.

Dammy

6:41 pm on Jul 9, 2014 (gmt 0)



when u ar setting up cookie with js, some browser may nt support it, maybe u cn use php's setcookie() to verify...

lucy24

7:59 pm on Jul 9, 2014 (gmt 0)

WebmasterWorld Senior Member lucy24 is a WebmasterWorld Top Contributor of All Time Top Contributors Of The Month



it's possible to set an HttpOnly cookie in the HTTP response that is not accessible to JS.

Ah, useful to know.

In this particular site, is the login processing and/or cookie recognition done in a script, or server-side? The question is probably a red herring, but it's good to take care of all variables.

:: vague mental association with "take arms against a sea of troubles" ::
 

Featured Threads

Hot Threads This Week

Hot Threads This Month