I’ve read the docs on how sessions are managed with TwitterKit, but the behaviour I’m experiencing is still unexpected.
A user with all Safari website data cleared and no iOS Twitter accounts logs into our app using Twitter.sharedInstance().logInWithCompletion (uses TWTRLoginMethodAll). They then log out of our app. When logging I run the following code to try and remove credentials completely:
let twitterSessionStore = Twitter.sharedInstance().sessionStore
twitterSessionStore.reloadSessionStore()
for case let session as TWTRSession in twitterSessionStore.existingUserSessions()
{
twitterSessionStore.logOutUserID(session.userID)
}
NSURLSession.sharedSession().resetWithCompletionHandler {}
let cookieStore = NSHTTPCookieStorage.sharedHTTPCookieStorage()
cookieStore.cookies?.forEach { cookieStore.deleteCookie($0) }
NSUserDefaults.standardUserDefaults().synchronize()
Once logged out, the user quits the app, deletes the newly created iOS Twitter account, and goes into iOS Safari settings and wipes website data again. They then ensure the user is not logged in on Twitter.com in Safari.
The user then relaunches the app and attempts to log in again using the above method. The user sees a modal view pop up but are then automatically redirected and logged in automatically.
How is this happening and where are the credentials being stored for them to automatically logged in!?
All local and Safari caches are cleared, iOS account deleted, and logout is called on each stored TwitterKit session. This should really be wiping everything, but it isn’t.
Please can someone advise. I don’t want to just use TWTRLoginMethodWebBasedForceLogin as that is not a great experience to force users to enter their password if they have an account already authenticated on the device. I’d like to know what is happening in this situation and why the credentials are not wiped properly when logOutUserID is called for each session.
Update: It would appear that even deleting our app and re-installing will automatically log you in, and hence remembers your credentials. How on earth could this be happening?!
I’m using Fabric 1.6.8 TwitterKit 2.4.0 TwitterCore 2.4.0
