This is broken for wildcard cookie injection. Definitely an issue with iOS 16 and I see no release notes or documentation that covers it.
Specifically injecting a cookie on a site such as sub.example.com with the domain .example.com used to work but no longer does and this contradicts the Apple documentation:
https://developer.apple.com/documentation/foundation/httpcookie/1393015-domain
If the domain does not start with a dot, then the cookie is only sent to the exact host specified by the domain. If the domain does start with a dot, then the cookie is sent to other hosts in that domain as well, subject to certain restrictions. See RFC 6265 for more detail.
Injecting with sub.example.com works as expected. Injecting with example.com does not work.
Joshua-Poq
Users receive reputation points by contributing quality content to the forums.
Posts include post and replies published on the forums.
Post authors can mark replies as Accepted to indicate successful solutions.
Apple Developer Forums admins can mark replies as Apple Recommended to indicate an approved solution
Post
Replies
Boosts
Views
Activity
Update on this: I submitted a sample project to Apple.
However, I have found that this works on Apple's website in the sample app but not on our own which points to a web config issue.
This was working in previous iOS versions, is no longer working in iOS 16, and there has been no change posted by Apple so I am still convinced something is wrong here. Just waiting for a response...