I have a page loading up in MobileSafari which communicates with another server via CORS.
In desktop browsers (tested Chrome and Safari), I am able to log in, get a sess
You didn't mention whether the remote server is under a different domain or just a different subdomain. I assume it is under a different domain.
As @schellsan pointed out, you can't set/write cookies to a different domain even if the CORS policy allows it, due to the 3rd-party cookie restriction in Safari. It's the latest Safari restriction. I guess Firefox is about to do the same.
Workarounds I'm currently evaluating: