I found Google Dev and a post here (And many other first-page results on google) say it Is. (It almost sounded like they promote the practice) But in W3C doc they say and I quote "...in the mobile context, cookie support cannot be relied upon since it may be disabled either in the device configuration or by the mobile network."
If yes, How do I handle the case where cookies are disabled?
If no, What other options should I consider?
Cookies are nothing else than some headers that arrive on the response with Set-Cookie and replied in a request with Cookie. Indeed, cookies may be disabled in browser, no matter if the browser is running on PC or mobile (Chrome, Dolphin, etc). At browser level I guess it's all about ignoring or not these headers. So if you're building a web site that should look different on mobile browsers or if you want to show it in WebView you may bump into this issue. So maybe it's not that safe to use cookies if you're going on this path. However with WebView you may provide some flexibility by using the CookieManager.
Things change if you're building a native app and you're targeting a server API that's providing http content and cookies along. Depending on the http engine that you're using, you may choose to use either java.net.CookieHandler, either CookieStore in order to manage these cookies. Or you can create your own cookie store API that filters the cookies, updates them, removes and so on depending on your needs. I would recommend using cookies if you're going on this path ...
I am not an iOS expert, but I guess same applies for iOS native apps. You should have some API for reading/writing header and specifically cookie management.
You can use the Web Storage API from HTML 5, which is already largely compatible with almost every browser around, as you can see here: Web Storage Compatibility
WebStorage and SessionStorage can be used exatcly like a cookie, storing key/value pairs, but have the advantage that they are not sent back and forth from your server to the client, but are instead stored on your mobile.
More over, they are really easy to use, as much as this:
if ( typeOf(Storage) !== "undefined" ) {
localStorage.setItem('some_key','some_value')
var myVal = localStorage.getItem('myKey')
}
However, you should use a more sofisticated check in production (e.g. Modernizr)
As their names suggest, the SessionStorage is emptied on the end of the current session, while the LocalStorage is persistent through the sessions.