I’m using Django to set HttpOnly and Secure cookies for my React web application. These cookies work perfectly on Chrome (both desktop and mobile) and Android devices.
However, I’m encountering a major issue on iOS:
-iOS Safari: Cookies are not persisted; they are treated like session cookies and are deleted when the browser is closed.
-iOS React Native WebView: Similar to Safari, the cookies are not persisted.
-İOS Chrome: It works.
-Android React Native WebView: It works.
MAX_AGE = 60 * 60 * 24 * 360
COMMON = {
"httponly": True,
"secure": True,
"samesite": "None",
"path": "/",
"domain": ".myweb.net",
"max_age": MAX_AGE,
}
def set_auth_cookies(response, access_token: str, refresh_token: str):
response.set_cookie("refresh_token", refresh_token, **COMMON)
response.set_cookie("access_token", access_token, **COMMON)
return response
I have confirmed that the max_age is set to a long duration, so it’s not a session cookie by design. This issue seems to be specific to the iOS ecosystem.
What could be causing this behavior on iOS Safari and WebView, and how can I ensure these cookies are properly persisted?
{
setLoadedOnce(true);
lastLoadEndAt.current = Date.now();
failCount.current = 0;
if (healthTimer.current) {
clearTimeout(healthTimer.current);
healthTimer.current = null;
}
}}
onContentProcessDidTerminate={() => webRef.current?.reload()}
onRenderProcessGone={() => webRef.current?.reload()}
onShouldStartLoadWithRequest={() => true}
setSupportMultipleWindows={false}
onError={() => setTimeout(() => webRef.current?.reload(), 300)}
renderError={({ description }) => ⚠️ {description} }
onHttpError={(e) =>
console.log("HTTP", e.nativeEvent.statusCode, e.nativeEvent.description)
}
/>
What could be causing this behavior on iOS Safari and WebView, and how can I ensure these cookies are properly persisted?
