Ionic 4 not storing updated authentication cookie on iOS and Android

All of a sudden today, our deployed Ionic app stopped accepting the authentication cookie returned by our server. We have made no changes to the app or the server, so we are quite puzzled. After debugging these requests, we confirmed that the SET-COOKIE header is coming back from our login endpoint, but it is not used on requests made after via HttpClient.

This only happens on iOS and Android, running ionic serve everything works.

Any ideas on this one?

We figured out the issue. It was related to the new chrome cookie security policy. We had to update our server to provide SameSite=None cookie on all requests to supporting browsers (older browsers it will break though in some cases). Here is some additional information as this change is going live in the next few weeks on all devices. I think it’s about to be a s*** storm.

https://www.chromestatus.com/feature/5088147346030592 https://www.chromestatus.com/feature/5633521622188032