Many things out there relying on e.g. sessions as described, can similarly have certain session restrictions applied, to avoid that private session information (such as e.g. your login data) becomes compromised.
One thing that sessions can be (and, at least in the past - commonly have been) limited to, would be the IP address that the user originate from.
Since you mention mobile devices, it sounds like they are most likely roaming between between multiple IP addresses, and that the WooCommerce session could be restricted based on the IP address that the user originally originated from.
Roaming from e.g.
192.0.2.123 might not do any difference at all, but if they are roaming all the way from e.g.
203.0.113.208, there is quite a bit of difference from the IP address it had, to the IP address it have now, and that could kill a session, if the session is being tied to the IP address(es).
Switching between their cellular data connection and e.g. their home WIFI, would be one of many ways that would typically cause a switch of the public IP address(es) the device originate from.
Depending on how your stuff is being operated, you might also want to look at e.g. “Restoring original visitor IPs”:
Under the condition that you are not properly restoring the original visitor IPs, the IP addresses that I reach your site through, would appear as Cloudflare IP addresses, on Proxied () records.
If my ISP originally routed me through Cloudflare’s datacenter in Copenhagen while connecting towards your site, but that my ISP (for whatever reason) is now sending me through Cloudflare Stockholm instead, then that would also give you a very different set of IP addresses, and could cause similar issues due to such IP or IP-range restricted sessions.
I believe the above would be the best plausible reason I can find, based on the explanation you provided.
Whether or not (including eventually how) WordPress/WooCommerce would allow you to adjust any eventual restrictions on their sessions, would be something you would need to coordinate with them though.