Solved! Go to Solution.
Are you using any secure cookie flag on dispatcher or setting the cookie on secure domain using code?
When you said it works on author/publish, does it work with HTTP or HTTPs or both?
When you are accessing via website i.e., via dispatcher is it on HTTP or HTTPs?