Hello, I’ve been working on a few different apps and I noticed recently that whenever I login on one app, the other apps disconnect. I’ve been using it to store login credentials, and usually to save work I use the same base between apps. In the documentation it says:
for iOS standalone apps, data stored with expo-secure-store can persist across app installs.
Does this means across the same app install, or does any app that I build, no matter the identifier, will all have the same pool of data to store?
If it is between any apps, is there a way to prevent it, or do I need to use different keys for each app?
Hey @f5webnet, I’m a little confused at the project workflow you have implemented. But each app that has a unique identifer, should and is expected to have siloed storage. This feels like it might be the result of something from your Auth provider?
We use Laravel Passport to generate a token that can be saved on the app for the user to make requests to the server. We use SecureStore to save that token for when the user reopens the app, that way the user doesn’t need to login again.
Each app has a unique identifier and its own server (the apps are completely different), but we use the same code for saving the auth token between them, we use the same key name for saving (ex: “authtoken”).
On android this works as expected, each app works individually and I can login and logout normally. However on iOS if I login in app A, it stores the new auth token, then if I go on app B the auth token stored in it is the same as app A (which is invalid for app B server and so the app assumes the user is not logged in). Also to note is that this only happens on the app store version, on the expo go this works as it does on android.
Im not sure where else this problem could be, so when reading the securestore doc I found that line and thought it could be that. But as you said each app should have its individual storage and on expo go it behaves normally. We tested this on both iPhone 7 and 12, and in both cases this happens.
Also, both projects started as an early version of expo sdk, version 35, but have been updated to versions 41 and 42.
I have two apps running right now. One is a DEV, on the default publishing channel. The other is PROD, on the production channel. I did builds for both iOS apps, each using a unique bundle identifier. They are both exposed currently using Test Flight as separate apps. I have them both installed on the same phone.
Right now, I store username, password, and token. This way if a user closes the app, it will auto log them back in and resume their session.
However, if I log into the PROD app, and then open the DEV app, it resumes the PROD session using the username/password from PROD in the DEV app. Since the two apps use a different API server (as separated by the release channel using Updates), the login fails on DEV and it automatically logs out because it detects incorrect credentials.
So it seems right now, across different release channels, in different app containers, the variables stored are shared.
As I fix I could prefix the variable names with the release channel, but for now, this is perhaps unexpected?
I think it really should be expected as the keychain is shared in iCloud. For now I just use asyncstorage and have the “key” stored in securestorage to decrypt the async storage data that contains secure information before I use it.
Though you can use this as a iCloud side effect to log in with one device and continue to another.