Some session data (maybe cookies) are not persisted in the same way as Edge/Chrome.

[darbid]

Description
On a website which requires login through redirection to an authentication server (smart card / pin / certificate) in Google Chrome and Edge Chromium session cookies and/or other data is saved so that a user can close the browser fully and then on restart can navigate to the website without the requirement to login again. With webview2 a login and redirection to the authentication server always happens and a user must always provide a (smart card / pin / certificate).

Version
SDK: 1.0.824 prerelease
Runtime: 91.0.845.2
Framework: WPF
OS: Win10

Repro Steps
Sorry but my target website is intranet only.
Expected Behavior Based on Edge Chromium / Google Chrome

1. Navigate to the target website
2. Navigation redirects to an authentication site which requires login with Smart Card / Pin / Certificate
3. On providing a certificate the target website is available.
4. Close Target Tab and Close Edge fully exiting the program. Even log out of target website.
5. Restart Edge.
6. Navigate to the Target website.
7. The website does not (appear to) redirect to the authentication site, it automatically logs in and there is no need to provide a smart card certificate. (I assume it must check with the authentication server but it is automatic.)

WebView2
On every new start of the application or of WebView2 after calling Dispose(), a user is redirected to the authentication server.

Additional context

• All Webview2 instances are created identically with the same user data folder

AB#32538228

[champnic]

Hey @darbid - we are looking at adding Certificate support in #3 and some Auth support in #120 that I believe would solve your scenario. Can you take a quick look at those issues and see if they would work for you? We are currently working on both of them. If you think your scenario is different I can reopen this issue.

[darbid]

First I am sorry for my terminology, I am sure it is incorrect and confusing.

#120 is not likely to assist. In fact the whole idea of the above process is to not have username and passwords. My comment there is probably misplaced.

#3 will be an exciting update that as you can see I have a strong/unique opinion on. It would be related to the first time you log in to the target site but when you return I am unaware of any events the next time around.

I can add that CefSharp and a standard CEF Client handle this out of the box.

Some positive feedback (which also my help you to understand what I am trying to explain)
We can also log in to the windows 10 operating system with our smart card / pin / certificate as well. If I do this and then open Webview2 or Edge then when I target my website I am auto logged in. Works perfectly and as expected 👍

I think the process is called MyID. It is different to Azure authentication which we do also use for things like O365.

[champnic]

Thanks for the added info @darbid! I've reactivated this, and will add this bug to our backlog to take a look. It's possibly related to how we handle profiles in WebView2 as opposed to the browser.

[darbid]

@champnic It looks like I will have to apologize for opening this one. I am sorry.

As I set out above the cookies I was looking at included session cookies. It appears in a Chrome/Edge browser, session cookies are saved if you use the setting - Settings > On Startup > Continue where you left off, however if this setting is not used then session cookies are not saved. It therefore looks like we all need to save and then add session cookies to save a user from needing to login to a targeted site in a hybrid Webview2 app.

I will close this issue, however you have linked #1325 to this issue so you may want to open it up for tracking purposes.

[champnic]

@darbid thanks for the follow-up! I've reopened #1325.