When a website keeps signing you out on iPhone (or you bounce between “Log in” and “You’re logged out”), the problem is almost always a session cookie that isn’t being saved or isn’t being sent back correctly.

Looping arrow around a key and cookie icon

Here’s a practical checklist to pinpoint the cause, plus the pitfalls that make the loop come back.

Quick mental model: what “stays logged in” actually means

Most sites use two pieces:

  • Session cookie: proves you’re logged in right now (often short-lived).
  • Refresh/remember token: helps the site renew your session (often longer-lived, sometimes stored differently).

If cookies are blocked, cleared, or partitioned unexpectedly, the site can authenticate you—then immediately “forget” you on the next page load.

Translucent cookie jar with padlock symbol

On iPhone, the most common triggers are privacy settings, content blockers, and sign-in flows that hop across domains.

Checklist: isolate the cause in 10–15 minutes

  • Confirm it’s the same device + same browser: if you start login in an in-app browser (like within an app) and finish in Safari, sessions may not transfer.
  • Try a private tab test: open a Private tab, log in once, then refresh a couple of times. If it behaves differently than normal tabs, your stored site data (or an extension) is likely involved.
  • Check if it only fails inside an embedded web view: if the issue happens in a social app’s built-in browser but not in Safari, that’s a strong clue.
  • Temporarily disable content blockers for that site: ad/privacy blockers can block login endpoints, cookie-setting responses, or redirects.
  • Verify “Prevent Cross-Site Tracking” impact: this can break some SSO and embedded login flows that rely on third-party cookies.
  • Look for multi-domain sign-in: if the site logs you in at accounts.example.com then redirects to app.example.com (or a payment/support subdomain), cookie scope and redirects matter.
  • Clear only that site’s data (not everything): remove the single site’s cookies/storage and retry.

If you do the steps above in order, you usually find the culprit without a full reset.

Pitfall #1: clearing “history” doesn’t mean clearing “login state” (and vice versa)

On iOS, “history” and “website data” are related but not identical. Some people clear history and expect the login problem to stop, while the broken cookie/storage state remains.

What to do instead: clear the site’s website data specifically (so you don’t log out of everything).

Stacked settings cards with a slider and broom icon

If the site works after clearing its data but the loop returns within a day, you’re probably hitting a tracking/cookie restriction or a domain-hopping sign-in flow.

Pitfall #2: cross-site sign-in flows (SSO) that depend on third-party cookies

“Log in with Google/Apple/Microsoft” and other SSO options often involve:

  • Redirects across multiple domains
  • Cookies set in one context and read in another
  • Pop-ups or new tabs that hand control back to the original page

On iPhone, privacy protections can cause a clean-looking login to succeed, then fail when the site tries to read the cookie in the final step.

Workarounds that often help:

  • Try the site’s email + password login (if available) to avoid cross-domain handoffs.
  • If you must use SSO, do it in Safari (not an in-app browser).
  • Temporarily test with content blockers off to see if a blocked redirect is the real issue.

Pitfall #3: in-app browsers that don’t share cookies with Safari

If you tap a link in an app (social, messaging, email) you may be using an embedded browser, not Safari. Even when it looks similar, the cookie jar can be separate.

Two separate browser contexts split by a divider

Signs this is the issue:

  • You can log in fine in Safari, but not inside the app.
  • You keep getting asked to authenticate after returning from a payment or SSO screen.
  • The site offers “Open in Safari” and everything suddenly works.

Fix: open the page directly in Safari and complete login there. If you need that app to work, look for its “Open links in Safari” setting (some apps offer it).

Pitfall #4: content blockers that break “invisible” login requests

Modern logins often call background endpoints (token refresh, session check, bot protection) that never show a visible error—your only symptom is a logout loop.

Try this narrow test:

  • Disable content blockers for the site.
  • Close the tab.
  • Reopen, log in, and refresh twice.

If that fixes it, you don’t have to uninstall blockers—just allowlist the site, or switch to a less aggressive blocking list for that domain.

Pitfall #5: time, VPN, or network weirdness that invalidates sessions

Less common, but real:

  • Incorrect device time can make tokens look “expired.”
  • VPN / iCloud Private Relay can change your IP/location frequently, and some security systems treat that as suspicious and end the session.
  • Captive portals (hotel/airplane Wi‑Fi) can interrupt redirects during login.

If the loop only happens on one network (or only with VPN on), test on cellular data and see if it stabilizes.

Takeaway: fix the loop by testing one variable at a time

Start by ruling out in-app browsers and content blockers, then clear only the site’s data. If the login flow crosses domains (SSO), expect cross-site cookie protections to be the real pitfall—and use Safari + a direct login method when possible.