SSO redirect loop with Lax cookies, but only for my IPhone?!

The specific bug is

Same-Site Lax cookies are not sent with cross-site redirect from a client-initiated load

In plain English, that means that things break when you enter your site url directly in the address bar, or when you click a link from another app. If you follow a link to your site within safari, it should work fine.

It was fixed in release 77 of the technology preview, but it doesn’t look like the fix made it into this week’s iOS 12.2 release :frowning:

7 Likes