CF_Authorization cookie not accessible on mobile

mm0109 · January 3, 2023, 12:44pm

Hi everyone,

I have an app protected with Cloudflare Zero Trust/Access using Facebook as the main identity provider but having some issues with mobile users.

The app is primarily written in PHP running on Apache and I have been able to access the CF_Authorization no problem with users on desktop, however, mobile users do not seem to be passing the cookie to the web server (PHP errors report that CF_Authorization cookie does not exist) so I am having a tough time authenticating requests.

Not sure if it’s related, but the /cdn-cgi/access/logout URL also doesn’t work on mobile but it does work on desktop.

I have mainly tested this on Safari using iOS 16.1.1.

Any advice would be much appreciated. Thanks!

samsongorr · January 3, 2023, 8:35pm

Try adding urls that don’t work to this website: https://search.google.com/test/mobile-friendly

mm0109 · January 3, 2023, 8:50pm

Sorry if this is a newbie question, but if my app is behind Cloudflare, how can that test access it without authenticating? When I run it against my app URL, it returns an error “URL is not available to Google”

samsongorr · January 3, 2023, 9:09pm

Try testing the code of the webpage instead (if you have access)
Otherwise you might have to contact support.

mm0109 · January 3, 2023, 9:17pm

Ok thanks, I can try to make a copy on a different URL and try to validate the site first.

samsongorr · January 3, 2023, 9:26pm

There is an option to add code directly