Reply to Different SSO behavior for ASWebAuthenticationSession in iOS 14
Hello,

Thanks for your response. The upgrade to iOS 14.5 fixed the issue only for some users, not for all of them. I specified the user-agent just to show you that the user who still experiences this issue has upgraded to iOS 14.5.

Here are the details regarding the circumstances in which the problem occurs:

- An in-app browser tab is opened (ASWebAuthenticationSession) to let the user log in to our application (OIDC flow).
- The user authenticates and the authentication server redirects him/her (with a 302) to the authorization endpoint with a set-cookie header containing the session cookies (set-cookie: session=xxxxxxxxxx; path=/; expires=Thu, 20 June 2021 20:25:45 GMT; samesite=none; secure; httponly).
- When calling the authorization endpoint, after redirection, the cookie is not sent to the authentication server by Safari. The cookie header is empty.

What is strange is that this only affects some iOS users on different versions including 14.5 ...

Regards,
Topic: Privacy & Security SubTopic: General Tags:
Jun ’21
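One way to measure how often the failure described in this reply occurs, and on which iOS versions, from server-side logs. This is an added example, not code from the poster or from Apple; the log schema, the `flow` correlation id and the `/authorize` path are assumptions, and the sample records are constructed.

```python
import re
from collections import Counter

AUTHZ_PATH = "/authorize"  # assumed path of the authorization endpoint
COOKIE_NAME = "session"    # cookie name from the set-cookie header quoted in the reply

def ios_version(ua):
    """Extract the iOS version from an iPhone Safari user-agent string."""
    m = re.search(r"CPU iPhone OS (\d+(?:_\d+)*)", ua)
    return m.group(1).replace("_", ".") if m else "unknown"

def find_dropped_cookies(events):
    """Return (flow, ios_version) for each flow where the session cookie was set
    on a 302 to the authorization endpoint but was absent from the follow-up request."""
    pending, dropped = set(), []
    for e in events:
        if e["flow"] in pending and e["path"] == AUTHZ_PATH:
            pending.discard(e["flow"])
            sent = {p.split("=", 1)[0].strip() for p in e["cookie"].split(";") if "=" in p}
            if COOKIE_NAME not in sent:
                dropped.append((e["flow"], ios_version(e["ua"])))
        set_name = e["set_cookie"].split(";")[0].split("=", 1)[0].strip()
        if e["status"] == 302 and set_name == COOKIE_NAME and e["location"].startswith(AUTHZ_PATH):
            pending.add(e["flow"])
    return dropped

def rec(flow, path, status, ua, location="", set_cookie="", cookie=""):
    """Build one constructed log record (hypothetical schema)."""
    return {"flow": flow, "path": path, "status": status, "ua": ua,
            "location": location, "set_cookie": set_cookie, "cookie": cookie}

UA_1451 = "Mozilla/5.0 (iPhone; CPU iPhone OS 14_5_1 like Mac OS X) AppleWebKit/605.1.15"
UA_144 = "Mozilla/5.0 (iPhone; CPU iPhone OS 14_4 like Mac OS X) AppleWebKit/605.1.15"
SET = "session=xxxxxxxxxx; path=/; samesite=none; secure; httponly"

# Constructed sample: flows a1 and c3 lose the cookie, b2 returns it.
SAMPLE = [
    rec("a1", "/login", 302, UA_1451, location="/authorize?state=a1", set_cookie=SET),
    rec("b2", "/login", 302, UA_144, location="/authorize?state=b2", set_cookie=SET),
    rec("a1", "/authorize", 200, UA_1451),
    rec("b2", "/authorize", 200, UA_144, cookie="session=xxxxxxxxxx"),
    rec("c3", "/login", 302, UA_144, location="/authorize?state=c3", set_cookie=SET),
    rec("c3", "/authorize", 200, UA_144),
]

if __name__ == "__main__":
    hits = find_dropped_cookies(SAMPLE)
    print(hits, Counter(version for _, version in hits))
```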
Reply to Different SSO behavior for ASWebAuthenticationSession in iOS 14
Hello,

Do you have some feedback regarding this fix? The upgrade to iOS 14.5 fixed the issue for some of our users but not for all of them. For example, this issue persists with a user with this user-agent: Mozilla/5.0 (iPhone; CPU iPhone OS 14_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1 Mobile/15E148 Safari/604.1.

From the logs I can see that, with ASWebAuthenticationSession, cookies are correctly set by our server in the set-cookie header but are not sent by Safari in the following calls. I should point out that we only use first-party cookies.

This concerns a very small number of users, but they are completely blocked with no other solution than to reset their iPhone or to buy a new one.

Regards,
Topic: Privacy & Security SubTopic: General Tags:
May ’21