With version 3 of the Twitter SDK for iOS, it is impossible to completely log out the first user that logs in due to SFSafariViewController caching their session credentials.
Because the ability to force login through the TWTRLoginMethod has been removed in this version of the SDK, it has completely broken our apps. Most of our applications are used in a kiosk mode so we are particularly sensitive to this change since we almost never want sessions to persist between uses.
The bug is persistent in our app with the following workflow:
- We call logInWithCompletion to log in User A
- They finish interacting with our app and we call logOutUserId to log them out
- User B attempts to use our app and we call
- The modal appears briefly and then displays “Redirecting you back to the application”
- User B never sees a login screen and instead they are signed in as User A
- Until the phone is physically restarted, users are always logged in as User A since they happened to be the first person to log in.
When using the logInWithCompletion method the SFSafariViewController is always used for the first user authenticated. This means that if I’m logging out User A after interacting with Twitter it will always use this method. However, the session cookies for User A are retained since SFSafariViewController is sandboxed on the system level. This means that User A is remembered and automatically logged in when User B tries to log in even though I’ve logged out User A manually with logOutUserID. I have to physically restart the device to get this cookie cleared and there’s no way to clear the session manually since SFSafariViewController is sandboxed at the system level.
The only way to get around this is to never log out users in my application. This forces UIWebView behavior for everyone after User A and ensures that User A is not logged in automatically. However, the side effect of this behavior is that User A’s username is pre-filled when User B goes to log in, which is disconcerting for our particular use-case. The SFSafariViewController method adds extra controls at the bottom allowing the user to trigger the share dialogue or open the login page in the installed browser–effectively breaking kiosk mode in our application.
Ideally, it would be great if we could simply force login through UIWebView as we’ve previously been able to do. At the very least it is critical that the bug we’re seeing here gets addressed since it’s completely broken critical functionality for all our apps.
Thanks for your time!