Use ephemeral URLSession to send .org REST API requests

crazytonyli · crazytonyli · commit 01c5e4f15cf4 · 2024-10-29T13:29:31.000+13:00
diff --git a/WordPress/Classes/Networking/WordPressClient.swift b/WordPress/Classes/Networking/WordPressClient.swift
@@ -45,9 +45,19 @@ actor WordPressClient {
         self.rootUrl = rootUrl.url()
     }
 
-    static func `for`(site: WordPressSite, in session: URLSession) throws -> WordPressClient {
+    static func `for`(site: WordPressSite) throws -> WordPressClient {
         let parsedUrl = try ParsedUrl.parse(input: site.baseUrl)
 
+        // At the moment, the app supports account password and application password.
+        // When a site is initially signed in with account password, WordPress login cookies are stored
+        // in `URLSession.shared`. After switching the site to application password authentication,
+        // the store cookies may interfere with application-password authentication, which results in 401
+        // errors from REST API.
+        //
+        // To avoid the above issue, we'll use ephemeral URLSession for now (which stores cookies in memory
+        // rather than using the shared one on disk).
+        let session = URLSession(configuration: .ephemeral)
+
         switch site.type {
         case let .dotCom(authToken):
             let api = WordPressAPI(urlSession: session, baseUrl: parsedUrl, authenticationStategy: .authorizationHeader(token: authToken))
diff --git a/WordPress/Classes/ViewRelated/Blog/Blog Dashboard/ViewModel/BlogDashboardViewModel.swift b/WordPress/Classes/ViewRelated/Blog/Blog Dashboard/ViewModel/BlogDashboardViewModel.swift
@@ -108,7 +108,7 @@ final class BlogDashboardViewModel {
         var _error: Error?
 
         do {
-            self.wordpressClient = try WordPressClient.for(site: .from(blog: self.blog), in: .shared)
+            self.wordpressClient = try WordPressClient.for(site: .from(blog: self.blog))
         } catch {
             _error = error
             self.wordpressClient = nil
diff --git a/WordPress/Classes/ViewRelated/Blog/Blog Details/BlogDetailsViewController+SectionHelpers.swift b/WordPress/Classes/ViewRelated/Blog/Blog Details/BlogDetailsViewController+SectionHelpers.swift
@@ -130,7 +130,7 @@ extension BlogDetailsViewController {
 
         do {
             let site = try WordPressSite.from(blog: self.blog)
-            let client = try WordPressClient.for(site: site, in: .shared)
+            let client = try WordPressClient.for(site: site)
             return ApplicationPasswordService(api: client, currentUserId: userId)
         } catch {
             DDLogError("Failed to create WordPressClient: \(error)")
