ASWebAuthenticationSession cookie

We have a similar issue with Safari on iPad running version 16.4 (other versions untested) but yet be able to further debug as we have no MacBook at hand right now. But navigating will hang our page and redirect to login after refresh. So it seems to be a session cookie related regression. Deleting Safari website data resets and/or restarts the cycle. Private browsing in Safari or switching to Chrome or Edge is helping for now. Our issue still holds true with Safari on iPad running version 16.5 but behavior slightly changed. Navigating continues to hang our page but there is no redirect to login after refresh. Private browsing in Safari and latest Chrome or Edge still working without problems.

I am developing a website. In the process we startet with Safari 16.3 and the cookie consent solution worked fine. Since I upgraded my computer to Ventura 13.3.1 and Safari 16.4 the cookie-banner, appears as a modal as expected, but nothing in the pref-field can be clicked or selected. When trying to click something the whole modal closes. Since the cookie consent solution also works based on cookies, I believe that the issues you have experienced cause the problem. Additionally on the website script based functions are corrupted or not loading. In other browsers such as Chrome (Version 113.0.5672.92) everything works fine. Also in Safari 16.3. I am developing within webflow [https://webflow.com) The cookie-consent-solution I am using is finsweet [https://finsweet.com/cookie-consent) Hopefully, the developers from Safari have a look into this as soon as possible!

I am also experiencing while trying to log in to my Apple Developer account. Whenever I try to log in, I receive an error message that reads, We cannot process your request. Please try again later. I have tried troubleshooting the issue by checking my internet connection, clearing my browser cache and cookies, and trying a different browser. However, the issue persists.

I'm experiencing the same issue. To make it even weirder, when the inspector is open, even with 'disable cache' unchecked, it will send the cookies. I don't have an actual iOS device at hand, but this is also happening on real hardware, based on feedback from my customers.

@Shawzborne, who did you speak with @ Apple and what did they say? Has anyone else reached out? Judging by the relative lack of mentions online, doesn't seem widespread... According to the coinciding console logs, it seems it may be some sort of authentication bug: error 03:28:57.510123+0300 TestFlight AMSAbsinthe: [3822C21C] No bag provided. Defaulting to skipping Absinthe signing. error 03:28:58.114276+0300 TestFlight RP(0x282845a60) URL=https://testflight.apple.com/v1/session/authenticate; code=400; Headers={ Connection = close; Content-Length = 169; Content-Type = application/json;charset=utf-8; Date = Sat, 22 Apr 2023 00:28:58 GMT; Server = daiquiri/3.0.0; Set-Cookie = dc=mr;Version=1;Domain=.itunes.apple.com;Path=/;Max-Age=86400; Strict-Transport-Security = max-age=31536000; includeSubDomains; preload; X-Apple-Jingle-Correlation-Key = OUO35BHL6WPDECX6AWAY7S5KRE; X-Content-Security-Policy = script-src 'self' *.apple.com; X-Content-Type-Options = nosniff; X-XSS-Protection = 1; mode=block; x-daiqu

I am observing this strange behaviour, too. When I tick the box for Disable Caches in the Network window of the Web Inspector, Cookies are sent to the server, always. (Tested on my Mac with Safari Version 16.4 (18615.1.26.11.22))

We are having the same issue. ios 16.4.1 and safari browser. The odd thing is I can't find any patch-notes that explains why this would suddenly break. Will try to change cookie samesite attribute and update if successful.

hello we have the same problem. The session cookie is accidentally lost. Affected are: iphones with ios 16.4 / safari browser. when will this be fixed? will it be fixed ? or do we have to find a solution ourselves? sebastian

t seems to occur when the samesite attribute of Cookie is set to Lax in Safari 16.4. If the samesite attribute is not set (not 'none') in my Rails Application, this problem will not occur, but it will occur if it is 'Lax'.

I am experiencing the same issue. I log into my site using Firefox on Windows and I have cookies sent for every request, I sign into my site from Safari (16.4; os 13.3.1) and nearly all of my request are not sent with cookies.

I'm having a very similar issue with an instance of Discourse I maintain. Multiple users report being intermittently & randomly. signed out after upgrading to Safari 16.4. Occasionally, requests to my site from Safari 16.4 fail to send a user's session token cookie, despite it being present in Safari's storage. This results in my server seeing that missing cookie and correcting the mistake by signing the user out. This does not happen on every request, but it's always the same cookie that gets dropped. The main difference b/t our cases is that my cookie is not a session cookie, it has an expire time of 365 days.

The problem only occurs with Safari on iPad/MacBook running version 16.4, 16.4.1, or 16.5 beta. The problem cannot be reproduced using Chrome on iPad. Furthermore, the problem does not occur with private browsing in Safari. We have a similar issue with Safari on iPad running version 16.4 (other versions untested) but yet be able to further debug as we have no MacBook at hand right now. But navigating will hang our page and redirect to login after refresh. So it seems to be a session cookie related regression. Deleting Safari website data resets and/or restarts the cycle. Private browsing in Safari or switching to Chrome or Edge is helping for now. I will try to get more details on the issue using a MacBook as soon as possible.

I wish someone would answer if this is supported; namely; does ASWebAuthenticationSession using the browser display a save prompt after credentials are added?