Sessions logged out randomly on iPhone #53
Labels
bug
Something isn't working
Comments
|
Think I've finally got to the bottom of this! |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Started to see this a few weeks ago, others have a similar experience.
The discussion below suggests a workaround of setting the SameSite cookie to None rather than Lax.
https://bugs.webkit.org/show_bug.cgi?id=255524
Lax is more secure and should only be used as a temporary workaround. Perhaps only target iPhone user-agents* and place behind a feature flag so we can easily revert to Lax should the issue be fixed in the future.
There seems to be some contention between setting SameSite to None or nothing at all may resolve the issue. Make the feature flag SameSite configuration item a value so we can easily experiment (i.e. have a known "Null" value we interpret as not setting SameSite at all).
* The problem manifests on Chome on iPhone too, probably because they have to use WebKit - though this may be changing, but only in the EU - ruling the out the UK
The text was updated successfully, but these errors were encountered: