Cookies not shared on iOS between SFAuthenticationSession and Safari instances

Originator: craig.lane
Number: rdar://34816736
Date Originated: October 4 2017
Status: Closed
Resolved: July 25 2018
Product: iOS Safari Services
Product Version: 11
Classification: Bug
Reproducible: Yes
 
Cookies are not being reliably shared between SFAuthenticationSession instances in different applications, and/or with Safari, on iOS 11 devices. Changes made to cookies inside one instance (create/delete) are not reflected inside other applications.

This breaks Single Sign-on (SSO) and Single Log-out (SLO) for apps using a common web session for primary authentication in OAuth flows.

However, it appears to be working on iOS 11 (15A372) device simulators.

Expected Results:
The cookie should be shared between the two applications as conveyed through the cookie name label, or by viewing the /get-cookie/user path in Safari.

Actual Results:
Applications/Safari will display unique cookie token values. Deleting the cookie from one application will not delete the token from the other applications' scope.

Version/Build:
Simulator:
iOS 11.0 (15A372) - Working most of the time

Devices:
iPhone 6s - iOS 11.0.2 (15A421) - Not working
iPhone 7 - iOS 11.1 (15B5066f) - Not working


NOTE: Still broken in iOS 11, but fixed in iOS 12.
