I have spent an embarrassingly long time tearing my hair out due to a problem that happens with the Safari browser both on MacOS and iOS. This problem does not affect Chrome, Firefox or IE. I hope this post helps someone else.
Our use case is a bespoke web based front end using the Mango API. We will use the Mango web interface for administration and expect our users to use the bespoke front end only.
If hosting a web site on a different domain to Mango, Safari users will have to change their settings or any attempt to use the realtime Mango API will result in 'NOT LOGGED IN' error messages. This is caused because Safaris default configuration will prevent it from sending the authentication cookie when initiating the web socket connection.
The setting in question is 'Cookies and website data'. It must be set to 'always allow'.
Using the same domain but different ports (enough to require CORS headers be configured for AJAX requests) will NOT cause this problem.
I believe that anyone trying to keep web server and Mango as separate concerns will have to experiment with subdomains.