[MOO-2391] Improve SessionCookieStore#53
Open
MxKevinBeqo wants to merge 8 commits into
Open
Conversation
dccc1e6 to
69c6314
Compare
Collaborator
|
|
YogendraShelke
approved these changes
Jul 15, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Addresses the keychain-related password dialog that appeared on the splash screen for some users on iOS.
What was happening
migrateKeychainAccessibility) runs early during startup and, in its original form, requests the secret data of every generic-password keychain item in one batch query. Decrypting an oversized/blocked item as part of that batch invokesLocalAuthentication, producing the "Enter password" dialog on the splash screen. This is the confirmed direct trigger — the dialog began appearing only when this migration was added, even though the oversized item already existed.SessionCookieStore.persist(), which serialises all no-expiry session cookies into a single keychain item that can grow to several hundred KB.The fix addresses both the direct trigger (the migration read) and the underlying condition (oversized items), so neither relies on the other.
Changes
1.
MendixNative/Encryption/MendixEncryptedStorageModule.m—migrateKeychainAccessibilityRemove
kSecReturnDatafrom the batch query. The migration only needskSecAttrAccountto issueSecItemUpdatecalls; fetching the actual secret data was unnecessary and was the direct trigger of the dialog.Switch to
kSecUseAuthenticationUISkip. WithkSecMatchLimitAll, this silently skips any item that would require user interaction and returns the rest — so a single blocked/oversized item can neither show a dialog nor abort the batch. (The single-item reads inSessionCookieStoreusekSecUseAuthenticationUIFail, which is the correct variant for a one-item query.)Always set the done-flag. Every error path now writes
NSUserDefaultsbefore returning, breaking the infinite retry loop. Previously only a fully successful read set the flag.2.
SessionCookieStore.swift—get(key:)Locked-device reads no longer delete valid data.
errSecInteractionNotAllowednow returnsnilwithout callingclear(key:). The stored item is left intact so a later read after the device unlocks can still succeed. Previously this status was treated as corruption and the item was deleted — causing data loss on background launches before first unlock.NSException from
NSKeyedUnarchivercaught safely. The unarchive call is wrapped in a new ObjC@try/@catchtrampoline (ObjCExceptionCatcher) so that malformed/truncated archive data triggers the self-heal path (delete + return nil) instead of crashing the app. Swift'sdo/catchcannot intercept Objective-C exceptions raised byNSCoder's defaultdecodingFailurePolicy.Self-heal on genuinely corrupt data. If deserialization returns nil (whether from a caught exception or a Swift-level failure), the item is deleted and nil returned — the same cleanup behaviour as before, but now it cannot crash.
3.
EncryptedStorage.swift—getItemAdd
kSecUseAuthenticationUIFailto the read query. Prevents the same auth-dialog-loop that affectedSessionCookieStorefrom occurring for any consumer ofEncryptedStorage.On
errSecInteractionNotAllowed, resolve as null without deleting. Consistent with theSessionCookieStorefix — a locked-device read is transient, not corruption. The item will be accessible on a subsequent read after unlock.4.
ObjCExceptionCatcher.h/.m(new) &MendixNative.podspecSmall Objective-C utility that wraps a block in
@try/@catchand returns nil onNSException. Added topublic_header_filesin the podspec so Swift code within the module can use it.Self-healing for already-affected devices
No manual intervention needed. On the first launch after this fix ships:
migrateKeychainAccessibilityno longer reads item data, so it does not prompt even while the oversized item still exists.restore()callsget(key:)→ if the item is blocked/corrupt it is removed → user re-authenticates once.