I use AFHTTPRequestOperationManager to get some data from our server. The server uses basic authentication.
When a user logs into our application, I set up the credentials as follows:
manager.credential = [NSURLCredential credentialWithUser:username password:password persistence:NSURLCredentialPersistenceForSession];
And then I make a request as follows:
[manager GET:address parameters:nil success:^(AFHTTPRequestOperation *operation, id responseObject) {
} failure:^(AFHTTPRequestOperation *operation, NSError *error) {
}];
When I make a request, the NSURLConnectionDelegate method connection:willSendRequestForAuthenticationChallenge: is called (the method is implemented in AFURLConnectionOperation).
When the user exits the application and logs in again, I again set the credentials from the user input. However, if this occurs within 30 seconds after the previous successful request, the credentials are not sent for authentication (connection:willSendRequestForAuthenticationChallenge: is not called). This means that the user can log out and then apparently log in even if the new credentials are incorrect, as they are never verified.
If I wait at least 30 seconds, the problem does not occur (i.e., credentials are checked and I get error 401).
Do I need to clear my credentials somehow when the user logs out, or am I going about this all wrong?