I'm having some trouble with one of our websites. We're using ASP.Net MVC 5, and the website is using HTTPS.
After logging in, the user is redirected to a Secure page, which includes a cachemanifest. This cachemanifest specifies a list of 8 resources that's needed to make the site available in offline mode.
Most of these resources require the user to be authenticated, and the controller for these resources have the [Authorize] tag above the receiving method.
But for some reason a large portion of iOS devices doesn't always send the .ASPXAUTH cookie, which redirects the request to the login page, which in turn causes the cachemanifest to fail. The .ASPXAUTH cookie is included in other requests from the same device, both before and after.
What can make the client leave out the .ASPXAUTH cookie for these requests?
