HTML5 video/audio player on mobile Safari (iOS 7 & iOS 10) excludes cookies

Question

I have noticed that the HTML5 video/audio player (AppleCoreMedia) on mobile Safari on iOS 7 excludes all cookies, even first-party cookies. Not even sessions cookies are inc

Answer 1

I'm hearing on the grapevine that iOS 10.2 will contain a fix for this problem

Answer 2

Using iOS 7.0.2, I am seeing cookies included in the request. Here's my user agent header:

User-Agent: AppleCoreMedia/1.0.0.11A501 (iPad; U; CPU OS 7_0_2 like Mac OS X; en_us)

Answer 3

For iOS10, if you respond with a 403 forbidden, AppleCoreMedia will somehow try again but this time with the missing cookies. If you have code that redirects to login page when the session cookie is missing, video will not work on iOS 10.

Answer 4

I have developed a simple test where you can check if your iOS device have this bug.

Read more about the test here!

Answer 5

The bug continues to exists in iOS 7.1

Obviously Apple is ignoring this bug and I can not understand why since it affects so many users.

I have been running some tests on a iOS 7.1 device that had this problem and it is pretty clear that the bug is related to the private browsing feature. Turning private browsing on and then off fixes the problem on the device.

Answer 6

This problem is not yet fixed by Apple. We are continuously receiving reports from our users running iOS 7.0.6 that they are not able to play video clips because no cookies are included in the header.

And for many users, turning safari into private mode, and then back to normal, does not fix the problem.

I have also noted that Dropbox wrote in their blog that they have reverted back to url token authenticating because of problems of these kind with video players.

Apple is continuously ignoring our bug report so this bug will probably not be fixed for a long time.