Does Alamofire store the cookies automatically?

Yes! Alamofire is basically a wrapper around NSURLSession. Its manager uses a default NSURLSessionConfiguration by calling defaultSessionConfiguration().

As its github page says under Advanced Usage section:

Alamofire is built on NSURLSession and the Foundation URL Loading System. To make the most of this framework, it is recommended that you be familiar with the concepts and capabilities of the underlying networking stack.

And under Manager section:

Top-level convenience methods like Alamofire.request use a shared instance of Alamofire.Manager, which is configured with the default NSURLSessionConfiguration.

And the NSURLSessionConfiguration reference for defaultSessionConfiguration() says:

The default session configuration uses a persistent disk-based cache (except when the result is downloaded to a file) and stores credentials in the user’s keychain. It also stores cookies (by default) in the same shared cookie store as the NSURLConnection and NSURLDownload classes.

For those who use Moya and want to disable stored cookies

(fixing the X-CSRF-Token request header is missing)

Very basic example:

public final class DisableCookiePlugin: PluginType {    public init() {    }public func prepare(_ request: URLRequest, target: TargetType) -> URLRequest {                        var mutableRequest = request                        mutableRequest.httpShouldHandleCookies = false            return mutableRequest                }}

And then use it

MoyaProvider<Api>(                    plugins: [                        //NetworkLoggerPlugin(configuration: .init(logOptions: .verbose)),                        DisableCookiePlugin()                    ]