I login into a server using credentials, which are passed inside the request parameter like this: https://server.i.connect.to/login&username=user&password=pass. All works fine, if credentials are correct. If I then change credentials into something invalid, reponse return from dataTask is the same - I get access, despite passed credentials are invalid. I have no clue whether this behavior is triggered on the client (my) side, or on the server side. Also, I don't have an idea how to check which side is responsible.
I tried to disable URL cache, but no luck. I was still able to login with wrong credetials.
let urlSessionConfig = URLSessionConfiguration.default
urlSessionConfig.requestCachePolicy = .reloadIgnoringLocalAndRemoteCacheData
urlSessionConfig.urlCache = nil
let testSession = URLSession.init(configuration: urlSessionConfig)
let task = testSession.dataTask(with: request) { data, response, error in
...
When I restart the app and first try the wrong credentials, access is denied (so basic code is correct). If I then change to correct credentials, access is granted. Back to the wrong credentials then still allows access. Hence, it is only one way, from good to bad credentials, that it doesn't work as expected.
I also tried ...
urlSessionConfig.requestCachePolicy = .reloadRevalidatingCacheData
... with no change!
Is my cache related code above wrong or what could be the source of this behavior?
After @user3344236 kicked me in the right direction, I managed to solve the problem by (always) first performing a logout prior doing the login inside the completition code of the logout .dataTask. This seems to work perfectly now!
My assumptions about cache issues were apparently wrong.