Median.co HomeDeveloper PortalCreate New App
Documentation
Online TermsPrivacy Policy

Cookie Persistence

Suggest Edits

Overview

Median-powered apps respect the cookie expiration settings defined by your web platform. This ensures consistent behavior between your web experience and the mobile app.

📘

Secure Storage of Login Sessions

For critical session data or long-term authentication, consider storing tokens in secure storage (e.g., through our FaceID / TouchID and Android Biometric Plugin) instead of relying solely on cookies.

Common Use Cases for Cookies

Cookies are commonly used for:

  • Session Management - Maintaining user login sessions and authentication states.
  • User Preferences & Personalization - Storing settings like language, theme, or layout preferences.
  • Tracking & Analytics - Collecting data for usage insights, performance monitoring, and behavioral analytics.

Cookie Persistence Settings

By default, Median apps respect the Expires and Max-Age attributes set by your website when issuing cookies. However, you can override this behavior by enforcing a fixed expiration duration for all cookies used in the app.

This override is useful in scenarios such as:

  • Extending session duration beyond server-defined limits.
  • Managing cookie behavior when you cannot modify server-side configurations.

To set a custom cookie expiration policy, navigate to Web Overrides > Cookie Persistence in the Median App Studio and switch the setting from 'Default' to 'Custom' to define your desired cookie lifetime length.

Web Overrides - Cookie Persistence Settings

Web Overrides - Cookie Persistence Settings

Limits

Cookie persistence is ultimately subject to the limitations of the underlying platform’s WebView component.

Android WebView

Cookie Lifetime Limitations:

  • Maximum Cookie Lifetime: No enforced upper limit.
  • Cookies persist based on the Expires or Max-Age attributes, assuming:
    • The app does not programmatically clear cookies.
    • The WebView process and storage remain intact.

Real-World Limitation:

  • Cookies may be lost if the app is uninstalled or if Android clears app storage.
  • While technically possible, cookies set for 10+ years may not reliably persist through OS updates or device resets.

iOS WKWebView

Cookie Lifetime Limitations:

  • Maximum Cookie Lifetime: Not explicitly capped, but more restrictive in practice.
  • Without explicit persistence, cookies may be cleared when the app closes.

Real-World Limitation:

  • Apple's Intelligent Tracking Prevention (ITP) may purge cookies after 7 days if there’s no user interaction with the domain.

Updated 20 days ago