• caglararli@hotmail.com
  • 05386281520

Set cookie inside iFrame domain not seen

Çağlar Arlı      -    60 Views

Set cookie inside iFrame domain not seen

I'm trying unsuccessfully to set a cookie in an iframe cross-domain. I've found elsewhere (https://stackoverflow.com/questions/2117248/setting-cookie-in-iframe-different-domain, https://stackoverflow.com/questions/4701922/how-does-facebook-set-cross-domain-cookies-for-iframes-on-canvas-pages) that it should be possible with some caveats.

My scenario is the following: I have a page served from https://a.com/sample which contains an iFrame served from https://b.com/sample. The b.com/sample page set a cookie for b.com domain (samesite=none, secure, httponly).

If I load the original b.com page https://b.com/sample in the browser window I correctly see the cookie set and it is available for other b.com pages (https://b.com/some-other-page); If I load the https://a.com/sample page I see the cookie set inside the page, but if I switch to other b.com domain pages the cookie is not available.

I suppose this is due to cross-domain security checks (I tried on Safari and Firefox), is there any way to make this work? I see the same behavior if I switch to localStorage