I am working on an ionic app using the in-app-browser plugin to open an embedded webview.
The URL displayed in the webview replies with a "set-cookie" to start a new session, and redirects to a new url that loads the app. All this works fine.
The app loads ressources (js, images) and make XHR calls, which sends the session cookie just fine. At some point, randomly, the browser will stop sending the session cookie for one of the resources. It is not always the same resources, and it doesn't always happen.
In the example below, a request to load a favicon is sent with the cookie (OK). The next request doesn't send the cookie. As a result, the server will create a new session and set a new cookie.
First request:
Second request, no session cookie sent:
Why does the browser stop sending the session cookie?
Is it because of the existing JSESSIONID cookie for another subdomain? But it already exists on the first request.
Is it linked to the "Session" expiry? I tried setting the JSESSIONID cookie max-age with no success.
I am also aware of the "Lax+POST" fix in chrome, but this is a GET request.
Note that I haven't observed the issue on iOS safari (but as it is random, I am not 100% sure it doesn't exist).
