I've come across a potential issue which is a little hard for me to test as I don't have an iOS device, but my client is reporting that using their L5 powered web app, if they enter it through iOS's 'full screen web app' mode, any time they close it and reopen it they have to log in again.
I actually have the app set up with a hardcoded 'remember me' boolean during the auth process, and I separately auto log out users after 4 hours. config.session.expire_on_close is set to false.
Any browser I've tried works as expected.
I found this thread about iOS full-screen web apps on StackOverflow: http://stackoverflow.com/questions/7077518/ios-full-screen-web-app-drops-cookies which seems to suggest that for some reason you have to rewrite the session cookie to make it stick with this iOS mode.
Anyone come across this before?