Video requiring asp.net authentication not working on iOS 10

We have the exact same problem with a completely different technology stack (Linux, PHP, Moodle). Our session cookie is not sent with video (and audio) requests.

We weren't able to figure out a way to make iOS behave properly here, so we are doing an emergency patch to solve the problem by detecting iOS 10 and sending it to a different script to serve the video, passing a securely encrypted version of the session cookie value inside the path to this script, and then doing various hacks so that the value from the path gets used to identify the session from within that script (instead of the nonexistent cookie). This change works but is complex, has minor security implications, and might be harder to implement on different technologies.

This seems like a major problem with iOS 10 so I would hope that it might be fixed in a future update. Also, I note that although our session cookie is not included with the video, several other cookies are included! I couldn't actually figure out which ones weren't. (One of the first things I tried was to use a timed-expiry instead of session cookie, but this didn't get sent with the video either.)

Solution is to be found here:

HTML5 video/audio player on mobile Safari (iOS 7 & iOS 10) excludes cookies

Set an expire date to the cookie and the video player in iOS 10 can read back the cookie. Session cookies without an expire date can not be read back by the video player in iOS 10.

My solution is here: https://stackoverflow.com/a/40015409/7012293

Basically you need to send a 403 forbidden if the session cookie is missing. Safari will retry with the session cookie.