I have been struggling with one question in the last few days. For my web application, cookies are used to recognize the machine. If the correct cookies are not transmitted with the request, the application will undergo a second factor check (i.e., the user must enter OTP to log in).
Only on iPhone and iPad are users invited to enter OTP each time. I see that cookies are created on the iPhone / iPad, but it is not sent to the server with subsequent requests. This behavior only happens if we close and reopen the Safari browser. If I did not close Safari, then cookies are transmitted without any problems, and the application works properly.
We do not have this problem on Android / MacOS / Windows.
If anyone has any idea, please help me.
NOTE. We use secure HttpOnly persistent cookies. The cookie is valid for one year.
The cookie creation code is as follows
private void CreateCookie(HttpResponseBase aobjResponse, string astrCookieKey, string astrCookieValue, DateTime adtCookieExpiry) { HttpCookie lobjCookie = new HttpCookie(astrCookieKey) { Expires = adtCookieExpiry, Value = astrCookieValue, HttpOnly = true, }; if (aobjResponse.Cookies.Get(astrCookieKey) != null) { aobjResponse.Cookies.Remove(astrCookieKey); } aobjResponse.Cookies.Add(lobjCookie); }
source share