Persisting log-ins to news subscriptions across mobile social media

I subscribe to the Wall Street Journal and the New York Times. I recently dropped the Economist. 

One thing that really irks me is that when I click through on WSJ or NYT links on social media, particularly Twitter and Reddit, I regularly find myself looking at the paywall again. 

iOS12 is a big step forward: seamless 1Password integration, FaceID, and I'm in.

But I don't understand what happens here. Are the browser built in to the Twitter/Facebook/Reddit apps all stand-alone/sandboxed? No sessions/cookies shared between Safari and them? Is it because I use Chrome as my main browser on iOS and should I stop doing that?

Is there a way to share credentials in a persistent and secure manner between services? Feels like OAuth has been around for some time.


Comment from developer Kuba Suder, who I worked with in Poland ages ago and who now does independent development work for Mac/iOS & in Ruby:

"...there is no way to reuse your cookies saved in Safari e.g. in the Twitter app. (But it should remember your logins across separate sessions in the Twitter app.)

There are two ways to implement an in-app browser: WKWebView, basically a view that shows rendered content that you need to build UI around (e.g. in the Facebook app), which has separate cookie storage for every app; and SFSafariViewController, which pops up a standard Safari screen with all controls and even uses your configured content blockers (e.g. Tweetbot, now also official Twitter app) - which actually *did* share cookies with Safari at first, but it was changed in iOS 11...

Apple said it's because it's more convenient if you can log in to one account in Safari and to another account in some app, but it's probably all done mostly for privacy, to make it impossible or much harder to track users across apps (because you know so many companies will keep trying to do that, even though they can't use device IDs anymore and the advertising ID is unreliable - e.g. is kind of built for that specific purpose).

There are a couple of other APIs in the SDK that can let you reuse Safari logins in apps, but they're only meant for OAuth-like workflows, i.e. you authenticate the user and get some kind of token and log in the user into the app itself (not to an in-app browser)."

So if it doesn't remember my logins across separate sessions in the Twitter app, I'm probably just doing it wrong somehow. Feels like yet another thing Apple should throw into Settings (perhaps reuse subscription permissions from News?). In any case, thanks Kuba!