background image

Cookie Support, and Mobile Devices

daniel.hunt's picture
Posted by daniel.hunt - 04 Jun 2008
Twitter share icon Facebook share icon Google Plus share icon

If you're a regular on the site, you'll have noticed that we have been hard at work creating a new Test Suite that will play nicely with DeviceAtlas.
During its development, I've had to put up with a ridiculous amount of obscure problems, but there's one that continually rears its ugly, ugly head and makes life hell for me. Cookie support. Or lack of it.

Cookies are taken for granted on the non-mobile internet, and I'm not really around long enough to remember it ever being any different (I can hear the gasps from the back row!), so it came as quite a surprise to me to learn that mobile devices don't play ball. Or at least, they try to play ball.

Take, for example, the absolutely wonderful (I had the 6230 for quite some time) Nokia 6230i, and the not-quite-so-fantastic Samsung SGH-ZV10. While testing yet another cookie related issue with the new system (which will hopefully go live in the very near future), I discovered that I was actually sending 2 cookies to the device. The first was an automatic domain level cookie, such as: The second was one that I was purposefully sending to the device, which was a host level cookie, such as (notice the initial '.' in the domain level one?). My problem was this: the Nokia could login to the site with no problems, but the Samsung couldn't!

The fact that I was sending 2 cookies instead of the 1 that I thought I was sending, was pointed out to me, and I was linked to an extraordinarily helpful blogpost at Mippin, with the ever so convenient title of Cookie Conundrums.
Thanks to their legwork on the problem, and the annoying issue that I was currently dealing with, I discovered that cookie support on mobile devices is not guaranteed! (I know, shock shock, horror horror). And not only is it not guaranteed, but it varies from device to device (the Nokia accepted both cookies, but the Samsung accepted only the host level one). Again I remind you, that this is not something I'm used to dealing with :)

So, armed with this new found knowledge I proceeded to hack my local dev copy of Drupal to pieces in an effort to discover what on earth was going on.
Suffice to say, that Drupal outputs the domain level cookie regardless of the settings you may or may not have in your settings.php file. In order to prevent it from doing this, I had to hack the main file to include a switch which, if enabled would output the cookie as normal, and if disabled would output nothing!

Now, thanks to those helpful souls over at Mippin I can get back to doing real work :)


Posted by daniel.hunt - 04 Jun 2008

daniel.hunt's picture

dotMobi hotshot & diver

Posted by Werner Ruotsalainen (not verified) 7 years ago

Yup, cookie support is pretty much inconsistent in mobile browsers; particularly in ones that aren't a direct port of an already-debugged and conformance tested desktop browser - that is, aren't a direct port of them but, instead, have been developed from scratch (for example, NetFront).

I've run into some very similar problems ranging from summer time problems (see for example my related article at ) with NetFront. With Thunderhawk, there is a problem of permanently storing cookes in the file system.

With Opera Mobile 8.65 (of which I was a closed betatester) I've found a very similar problem to the one you've described (this was fixed upon I've reported this to the Opera folks; however, the problem may still be present in Opera Mini or the desktop Opera; haven't tested this): that is, the problem of the (sub)hosts.

Posted by daniel.hunt 7 years ago

Thanks for the information Werner, it certainly makes for some interesting reading!

Its amazing how beneficial standards are when it comes to things like this. We really do take them for granted, so when a problem occurs that appears to be outside of our normal area of experience, it really is very easy to get stumped in the early stages :)

Daniel Hunt

Daniel Hunt

Posted by darragh 7 years ago

I've noticed a problem recently with Vodafone customers in the UK 'losing' their cookies (and subsequently session) when browsing a mobile site.
The cookies seemed to get 'lost' when the customer's remote IP changed as they browsed the site - possibly due to some sort of load balancing on the WAP gateways.

I don't suppose anyone can shed some light on this?
The workaround I've used is to rewrite the Session ID into the URL.

Posted by daniel.hunt 7 years ago


Does this have anything to do with the OpenWave transcoding proxy between the user and the website's server? If you rerun your tests while using the non-transcoding-proxy gateway, can you replicate this issue? I'd be willing to bet that the issue you're experiencing has to do with a transcoder between the 2 endpoints :)

Daniel Hunt

Daniel Hunt

Posted by sjbhave (not verified) 7 years ago

Hi darragh,

We are experiencing the same problem with O2 UK users that the header Cookie: JSESSIONID=.............. gets lost as the user is browsing the mobile site (and yes when the request IP is changed) This is not happening for all the devices but only for some devices

Do you have idea when the request IP changes? Is it only load or is there something else also?

Posted by CelinT 6 years ago

Yeah those problems with cookies on the mobile phone are just annoying. The good thing is that nowadays the biggest part of phones can actually normally support cookies like your PC does. But the old ones don't support them at all. Thanks for the interesting thoughts mate. I have bookmarked your blog.


Matt Jutson from mobile application development

Posted by daniel.hunt 6 years ago

Glad you found it interesting Matt. I've been pretty inconsistent with my blog postings though - I must do something about that soon :)

Daniel Hunt

Posted by stevejonathan10 5 years ago

Well said Daniel.

This is the most common obstacle I've found earlier while developing mobile based web application development but I'm little bit dis-agree with Matt at the line which said by him But the old ones don't support them at all. We can upgrade software in old phones so that old phones can also support cookies.

Posted by imarion 4 years ago

Cookies are mostly supported, but third party cookies of the kind used in advertising are not universally supported.

My understanding from research a couple of years back on first-party cookies:

iOS and Android work fine
Blackberry depends on the user's settings, so is not very reliable
Windows Mobile had a limit of something like 20 cookies, and then additional ones pushed out the older ones from memory
* Feature phones generally didn't support cookies

For third-party cookies, the above is true, with the notable additional limitation that iOS devices default to blocking third-party cookies. So unless a user changes the default (unlikely), these cookies will not work on iPhones, iPads, etc.