是否永久删除NSURLCredential？

Question

我正在尝试删除当我访问安全的HTTP站点时编写的NSURLCredential。下面的代码工作并从NSURLCredentialStorage中删除NSURLCredential，但即使我指定了：

NSURLRequest *request = [NSURLRequest requestWithURL:url cachePolicy:NSURLRequestReloadIgnoringCacheData timeoutInterval:60];

不会重新加载缓存的数据，我已经实现了这个方法：

- (NSCachedURLResponse *)connection:(NSURLConnection *)connection willCacheResponse:(NSCachedURLResponse *)cachedResponse {
    return nil;
}

下一次运行应用程序时，deleteStoredCredential会找到"loginSiteName.com“的新凭据并将其删除。我的问题是，我是否遗漏了什么，是否还有其他需要清除的地方，凭据是否可以缓存在iPhone上？

-(void)deleteStoredCredential {
    NSURLCredentialStorage *sharedCredentialStorage = [NSURLCredentialStorage sharedCredentialStorage];
    NSDictionary *DICT_allProtectionSpaces = [sharedCredentialStorage allCredentials];
    // DICT KEY   = NSURLProtectionSpace
    // DICT VALUE = NSDictionary

    for(NSURLProtectionSpace *thisProtectionSpace in DICT_allProtectionSpaces) {
        if([[thisProtectionSpace host] isEqualToString:@"loginSiteName.com"]) {
            NSDictionary *DICT_allCredentials = [sharedCredentialStorage credentialsForProtectionSpace:thisProtectionSpace];
            // DICT KEY   = NSString (i.e. username)
            // DICT VALUE = NSURLCredential

            for(NSString *thisUserName in DICT_allCredentials) {
                NSURLCredential *credentialToDelete = [DICT_allCredentials valueForKey:thisUserName];
                NSLog(@"REMOVE UID: %@ WITH PWD: %@", [credentialToDelete user], [credentialToDelete password]);
                [sharedCredentialStorage removeCredential:credentialToDelete forProtectionSpace:thisProtectionSpace];
            }
        }
    }
}

Answer 1

我发现了问题:我创建的用于访问站点的NSURLCredential是用NSURLCredentialPersistencePermanent而不是NSURLCredentialPersistenceNone创建的。因此，凭证被存储在iPhone密钥链中。

Answer 2

我还使用了NSURLCredentialPersistenceNone，以避免在存储中存储凭据。但我指出，我需要等待一些时间，比如10秒来清除旧的凭据，然后在客户端启动新的凭据SSL证书。

你在NSURLConnection类中注意到这个奇怪的行为了吗？

感谢您的帮助:)