I have noticed that when I make a request to a qlik report, it will go through the auth server and then I will get a ticket id and then the report is requested again, now with the qlikTicket url parameter attached. But requests to resources after that does not contain the qlikTicket parameter. They only have a large number, which I assume to be a timestamp?? It looks something like this:
From the example above, row 1 is the initial request to the report. Row 2 is the redirect to the auth server. Row 3 is the new request with a ticketID (after user was authorized). Row 4 is a request for a resource, but without the ticketID and the response is a redirect to the auth server (not listed here). Result: my auth server is flooded with requests and a ticket is consumed every time.
FYI: The name of my virtual proxy is "custom".
Can anyone explain this behaviour?
I have found out that the issue is that we are loading the qlik report in an iframe and it does not support cross domain cookies. That is why all requests are routed to the auth server. On the iPad we can change the cookie settings for Safari and then it will work. But still not working in Chrome on iOS.