Cookies not shared on iOS between SFAuthenticationSession and Safari instances

Number:rdar://34816736 Date Originated:October 4 2017
Status:Closed Resolved:July 25 2018
Product:iOS Safari Services Product Version:11
Classification:Bug Reproducible:Yes
Cookies are not being reliably shared between SFAuthenticationSession instances on different applications, and/or with Safari on iOS 11 devices.  Changes made to cookies inside one instance (create/delete) are not reflected inside other applications.  

This breaks Single Sign-on (SSO) and Sign Log-out (SLO) for apps using a common web session for primary authentication in OAuth flows.

However, it appears to be working on iOS 11 (15A372) device simulators.

Expected Results:
The cookie should be shared between the two applications as conveyed through the cookie name label, or by viewing the /get-cookie/user path in Safari.

Actual Results:
Applications/Safari will display unique cookie token values.  Deleting cookie from one application will not delete token from other applications scope. 

iOS 11.0 (15A372) - Working most of the time

iPhone 6s - iOS 11.0.2 (15A421) - Not working
iPhone 7 - iOS 11.1 (15B5066f) - Not working

NOTE: Still broken in iOS11, but fixed in iOS12


Please note: Reports posted here will not necessarily be seen by Apple. All problems should be submitted at before they are posted here. Please only post information for Radars that you have filed yourself, and please do not include Apple confidential information in your posts. Thank you!