IBM Verify

IBM Verify

Join this online user group to communicate across Security product users and IBM experts by sharing advice and best practices with peers and staying up to date regarding product enhancements.

 View Only

  • 1.  Session cookies in iOS

    Posted Wed January 13, 2021 08:28 AM

    Hello. As we are trying to deal with iOS 14's latest technology addition "Intelligent Tracking Prevention" or third party cookie blocking we have run into an issue with session cookies in a mobile app. Lets say for instance we have a webseal url ourapp.mobile.com. For reasons I don't understand the developers have configured their app with a different origin like ourmob://app so isam session cookies from ourapp.mobile.com are being blocked as 'third party'.

    The only options I see to solve for it are have the developers change the origin to ourapp.mobile.com which they seem un-willing to do or change everything to stop using session cookies to more of an api protection model with oauth? I am considering trying to add a second domain in session-cookie-domains to include ourmob://app? Please let me know if any thoughts on a way to solve. We are on ISAM version 9.0.7.1. Thanks!

    ------------------------------
    Caroline Waters-Batko
    ------------------------------