Cross-domain cookies in iframe Safari

11
votes

I have a problem with setting cookies in an iframe (which loads a site from another domain).
On my site X.COM I load <iframe src='Y.COM'>

Y.COM tries to set cookies, but Safari blocks they, as this site was not visited before. So loading Y.COM fails because it can't work without cookies. Is there a way to solve this issue?

P.S. I cann't modify any data at Y.COM.

P.S.S. Also we can modify Safari's settings - "Accept cookies" = "Always", but it is not a solution for me - it seems to be impossible to lead every user to do it..

1
iphoneiframecookiessafaricross-domain
I think the point of blocking it is that it shouldn't work. Creating a workaround would be violating the users trust.David Rönnqvist
So someone would go to your site and a page from you site would load a page on the other site AND it would transfer cookies to the site that the user never requested? I hope Safari and every other blocks this too.James A Mohler
@JamesMohler, I don't believe he's saying X.COM sends cookies to Y.COM, just that Y.COM requires cookies to function, and when loaded in an iframe it is unable to set them.Nathan Stretch
This answer may be of help: stackoverflow.com/a/6139648/160565Nathan Stretch

1 Answers

4
votes

I experimented a similar problem. A web "parent" page open my "child" website in a jquery fancybox i-frame cross-domain. Not problem at all with Explorer, Chrome, Firefox, Opera and even with Safari (5.8.1) on MAC. But with iPhone, iPad and mini iPad, the session in the i-frame is lost.

That's mean that at every click on an element in the i-frame (web site is in aspx) a new session started.

We solve the problem in a very simple way:

when the parent website start, it call a page in the child site directly (not in an i-frame). In this page I just set a session variable and I redirect to the parent website. Now when the child website is open in an iframe, the session is kept.