We run a website on Apache which uses Basic Authentication.
This website forwards to a third party website to take credit card payments then returns to our website.
When we have Prevent Cross-Site Tracking switched on (default) in iOS 11 when we are returned from the payment site to our site it prompts us to log on again.
When we have the setting switched off and are returned to our website it carries on as normal without any prompt.
So the sequence of events is;
1. User logs on to our website using their logon/password.
2. User fills their basket with goods.
3. At checkout we forward to a third party for credit card payment.
4. Once payment is made the payment website forwards back to our website - at this point the user is prompted to enter their credentials again.
My understanding is that it's only cookies that are wiped between websites, are basic logon credentials wiped too?
Is this how it's supposed to work?
What options would we have to get round this wihtout asking all our customers to change a setting on their iOS device?
Thank you.