I'm new to using react-native and also the fetch api in javascript. I authenticate my app with a backend and after several refreshes in my ios simulator the app checks if it's authenticated with the backend on the initial loading and to my surprise, it is! This begs the question of where and what is persisting inside react-native and the fetch api?
fetch on React Native is implemented on top of native-level APIs and differs slightly from the whatwg specification and the well-known github polyfill. This means that when the actual HTTP request is made, it's made by the native networking stack on iOS or OkHttp3 on Android, and in each case, it's the underlying ObjC or Java code that handles and stores the cookies, away from your JS code.
Until this commit of Nov 2015, cookies weren't properly persisted on Android at all, but since RN 0.16 they've been supported on both platforms regardless of the credential setting in your fetch calls. As a result, session cookies and the like work out-of-the-box, which can be disconcerting if you're not expecting anything to be persisted. If you need to manipulate cookies from your JS, have a look at react-native-cookies, which interacts with the underlying cookie stores.
