Safari isn't saving cookies on iPhone or iPad (iOS) when the app is closed immediately
Several iPhone/iPad devices are losing their login cookie if the app or tab is closed right after logging in.

What I have found in my research and addressed without luck:

  1. Safari might have disabled cookies by default (Cookie is not working in MAC -Safari & IOS Mobile- Safari)

    • Checked and cookies are enabled
  2. Someone mentioned commas and semi-colons in the cookie value don't work on Safari (Cookie is not working in MAC -Safari & IOS Mobile- Safari) (Strange problem with cookies in Safari and Asp.net)

    • Code does a FormsAuthentication.Encrypt() to convert everything to upper-case characters

          String hash = FormsAuthentication.Encrypt(ticket);

    • Turned off FormsCookiePath when creating the FormsAuthenticationTicket in case the path had invalid characters on iOS and Android

          FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(
            1,
            user.MemberNumber.ToString(),
            DateTime.UtcNow,
            DateTime.UtcNow.AddDays(numOfDays),
            true,
            string.Empty);
            //FormsAuthentication.FormsCookiePath);

  3. AppPool might be resetting the encryption key (Making user login persistant with ASP .Net Membership)

    • Verified that the machineKey was being updated
  4. Safari might be set in Private Mode for browsing (Cookies not saved between browser sessions on iOS Safari)

    • Verified that Safari is not in Private mode
  5. web.config might need cookieless explicitly set for using cookies with forms authentication (http://www.bloggersworld.com/index.php/asp-net-forms-authentication-iphone-cookies/)

    • Added cookieless="UseCookies" to <authentication><forms>
  6. Safari has troubles setting the cookie when doing a redirect to My Account (Safari isn't saving cookies, but Chrome is)

    • Added header to Response object for Safari users (At first this seemed to work for the iPad but not anymore)

          if (HttpContext.Current.Request.Browser.Type.ToLower().Contains("safari"))
          {
              HttpContext.Current.Response.AddHeader("Set-Cookie", CookieName + "=" + cookie + "; path=/; domain=" + HttpContext.Current.Request.Url.Host + ";");
          }

  7. Use Web Inspector on MacBook to make sure the cookies are dropped on the iPhone

    • Everything works great on the iPhone when it's connected to the MacBook, but breaks when it's disconnected.
    • In fact, when removing the cookie while connected, Web Inspector in Safari on the MacBook shows the cookie has been deleted, yet when I disconnect and try accessing the site on the disconnected iPhone it still shows logged in. I then re-connect the iPhone to the MacBook and the original cookie is still there.
  8. iOS11 seems to be much more locked down in terms of what cookies it accepts. (Cookie persistence in iOS Safari/Chrome)

    • Added the domain to the cookie creation

Other Non-Applicable Issues

  • Safari doesn't get cookies when using an IFRAME
  • Safari doesn't read 3rd party cookies

Source: Safari 3rd party cookie iframe trick no longer working?

I'm not sure why cookies aren't being saved until someone moves around the site, but it's easily replicated this way:

  1. Go to the site
  2. Log in (the login redirects the user to their "My Account" page)
  3. Close the app
  4. Return to the app (the tab is already at the "My Account" page, which redirects the user to the login because the browser doesn't find the cookie and thinks the user is not logged in).
Aulea answered 7/6, 2019 at 19:58 Comment(2)
Just curious if you had any additional findings to this. I'm having weird cookie issues with iOS. And I've even made them HttpOnly cookies. - Worry
I had a similar situation where I tried everything in your list and more. In the end it appeared to be the Path, I've put oauth2/callback in the path for a nonce cookie since I thought: "no other endpoint needs this". This worked fine on Chrome, Brave, Firefox. It was not to Safari's liking. - Coxalgia

Based on your header response code...

HttpContext.Current.Response.AddHeader("Set-Cookie", CookieName + "=" + cookie + "; path=/; domain=" + HttpContext.Current.Request.Url.Host + ";");

... it looks like you aren't setting an expiration date. Cookies with no expiration date are referred to as "session cookies" and get deleted between browser sessions (e.g. closing and re-opening Safari on iOS).

What you want is a "persistent" cookie, which is simply a cookie with the Expires attribute set to some time in the future. You can also use the Max-Age attribute to achieve the same effect.

See the Mozilla docs for more.

Abrego answered 15/7, 2022 at 21:47 Comment(0)
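
The session-versus-persistent rule described in the answer above, as an added example that is not part of the original question or answer: it derives a cookie's lifetime from a `Set-Cookie` header using the RFC 6265 rules. The function names, cookie name, values and host are constructed for illustration; the first sample has the shape of the header built in the question.

```javascript
// Added example: derive a cookie's lifetime from its Set-Cookie header using
// the RFC 6265 rules: Max-Age beats Expires, and neither means "session".
function parseSetCookie(header) {
  const [pair, ...rest] = header.split(";");
  const eq = pair.indexOf("=");
  if (eq < 1) return null;                       // no name=value pair: ignored
  const cookie = { name: pair.slice(0, eq).trim(), value: pair.slice(eq + 1).trim(), attrs: {} };
  for (const part of rest) {
    if (!part.trim()) continue;                  // tolerate a trailing ";"
    const i = part.indexOf("=");
    const key = (i < 0 ? part : part.slice(0, i)).trim().toLowerCase();
    cookie.attrs[key] = i < 0 ? true : part.slice(i + 1).trim();
  }
  return cookie;
}

function cookieLifetime(header, now = new Date()) {
  const parsed = parseSetCookie(header);
  if (!parsed) return { kind: "invalid", expires: null };
  const { attrs } = parsed;
  // A well-formed Max-Age takes precedence over Expires.
  if (typeof attrs["max-age"] === "string" && /^-?\d+$/.test(attrs["max-age"])) {
    const secs = parseInt(attrs["max-age"], 10);
    return secs > 0
      ? { kind: "persistent", expires: new Date(now.getTime() + secs * 1000) }
      : { kind: "expired", expires: new Date(0) };
  }
  if (typeof attrs.expires === "string") {
    const t = Date.parse(attrs.expires);
    if (!Number.isNaN(t)) {
      return { kind: t > now.getTime() ? "persistent" : "expired", expires: new Date(t) };
    }
  }
  // Neither attribute usable: discarded when the browser session ends.
  return { kind: "session", expires: null };
}

// Constructed samples, evaluated against a fixed clock so results are stable.
const NOW = new Date("2019-06-07T20:00:00Z");
const SAMPLES = {
  asBuilt: "AuthCookie=ABCDEF0123; path=/; domain=www.example.com;",
  viaMaxAge: "AuthCookie=ABCDEF0123; path=/; Max-Age=2592000",
  viaExpires: "AuthCookie=ABCDEF0123; path=/; Expires=Sun, 07 Jul 2019 20:00:00 GMT",
  stale: "AuthCookie=ABCDEF0123; path=/; Expires=Tue, 07 May 2019 20:00:00 GMT",
  both: "AuthCookie=ABCDEF0123; Max-Age=0; Expires=Sun, 07 Jul 2019 20:00:00 GMT",
};
for (const [label, header] of Object.entries(SAMPLES)) {
  console.log(label, cookieLifetime(header, NOW).kind);
}
```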
