⚠️ Important Notice: iOS 18.4.1 WebKit Changes & WKWebView Cookie Requirements

appos_nick
appos_nick
in Appos Studio

Hi everyone,

Apple’s recent iOS 18.4.1 update introduced several critical changes to WebKit, which directly affect how cookies are handled in WKWebView—particularly for apps that rely on web-based content.

We’ve already made substantial updates to the Appos Studio codebase to stay ahead of these changes, but we’re also encouraging all users to verify their own website/server configurations to ensure full compatibility going forward.

🔧 Required Server-Side Cookie Settings for iOS 18.4.1:

To maintain proper session behavior and data handling within WKWebView, your server should set cookies using the following attributes:

  • SameSite=None
    • Allows cookies to be sent with cross-site requests. This is critical for apps using WKWebView in iOS 18.4.1.
    • Example: Set-Cookie: csrf_token=abc123; Path=/; Secure; HttpOnly; SameSite=None
  • Secure
    • Ensures cookies are only transmitted over HTTPS, per Apple’s enhanced security policies.
  • HttpOnly
    • Protects cookies from JavaScript access, improving overall security.

These settings have become essential due to changes in iOS 18.4.1’s cookie policy and how WebKit now treats cross-origin traffic. You can also reference this ongoing discussion in the Apple Developer Forums for more technical context:

👉 WKWebView cookie issues in iOS 18

If your app or embedded site content is experiencing login/session issues or other unusual behavior on iOS 18.4.1 devices, this is very likely the cause. We’re continuing to monitor developments and will post any additional updates as needed.

Feel free to reply here with questions or reach out to the Appos support team directly for assistance.

Thanks!

Nick @ Appos

Sign In or Register to comment.

Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Sign In Register

Categories