The default domain/origin where the app is running on iOS in WebView is capacitor://localhost so that could be your problem. I would recommend not relying on cookies though for auth in a Capacitor app. From my knowledge and what I’ve seen on this forum, many people have issues with them and they aren’t guaranteed to stick around between app sessions.
Here is a post I wrote a while back that describes some other options other than cookies - Best way to store Bearer token from API? - #2 by twestrick.