HTML5 video / audio player on mobile Safari (iOS 7 and iOS 10) excludes cookies

advertisements

I have noticed that the HTML5 video/audio player (AppleCoreMedia) on mobile Safari on iOS 7 excludes all cookies, even first-party cookies. Not even sessions cookies are included in the HTTP-header. This makes it impossible to relay on cookie authorization when playing a video clip in mobile Safari on iOS 7.

All cookies are included correctly running iOS 6 but on iOS 7 no cookies are included in the HTTP-header of AppleCoreMedia.

Can some one else confirm this issue on iOS 7?

Steps to reproduce is:

  1. Create a cookie on a web page.
  2. Play a HTML5 video clip on the same web page using mobile Safari in iOS 7.
  3. Check the server logs for AppleCoreMedia and look for the cookie.

Update 2016-09-20: The video player in iOS 10 (AppleCoreMedia) is not able to read session cookies. Only cookies set with an expire date is readable by the video player.


For iOS10, if you respond with a 403 forbidden, AppleCoreMedia will somehow try again but this time with the missing cookies. If you have code that redirects to login page when the session cookie is missing, video will not work on iOS 10.