I asked about this in the Discord and they suggested that I start a thread here. When you're in private mode on iOS:
- Sign into a website
- Long press a link on that website and tap open in new private tab
You will see that the new tab is not signed in. I have never used a browser that works this way, including mobile Safari. It doesn't really make much sense to me security wise. If you sign in and then follow a link in the same tab, your session will persist with the site and you'll stay signed in. If you tend to browse sites by opening new tabs, you basically can't do that currently. I can't really figure out what security risk this is mitigating if it's intentional. The cookie will only be available to the site that issued it regardless of if it's in the same tab or new tab so I don't see why a new tab should be a special case.
I would expect links opened in new tabs would share cookies/sessions with the tab that opened them, especially if it's opening to the same domain. I would expect the new tab to stay logged in.
1.3.8 (13) (Webkit 8618.1.15.10.15)
17
