I'm creating your standard login in PHP. It relies on the user's session remaining the same to keep the user logged in. The session has been persisting as expected on desktop browsers, Safari on iOS, and webview in Facebook iOS app. However, it is not persisting on webview in Twitter iOS app.
I have this simple page to print out the session:
<?php
session_start();
?>
<html>
<body>
<h1>$_SESSION</h1>
<?php
print_r($_SESSION);
?>
<h1>$_COOKIE</h1>
<?php
print_R($_COOKIE);
?>
</body>
</html>
Safari on iOS
- Open the page in Safari on iOS.
- Reload the page 10 times.
- The same session ID is printed every time.
Facebook on iOS
- Post the link to your Facebook wall.
- Tap the link 10 times.
- The same session ID is printed every time.
Twitter on iOS
- Tweet the link on Twitter.
- Tap the link 10 times.
- The session ID is missing every time.
The only major difference between Twitter and everyone else is that Twitter converts all links with their shortening service. If you inspect the website source code of your posts, you'll see:
<a href="t.co/someCode">yourOriginalLink.com</a>
This affects your referrer. But how exactly would the referer screw up your session?
I know other websites have gotten sessions to persist on Twitter because I've logged in on those other apps and I remain logged in every time I launch their site. You can look at Meerkat for example. Just search for #meerkat in your Twitter iOS app and click on the link in any of the tweets. You'll be asked to log in. If you click on a second Meerkat link, it will remember that you've already logged in before.