Cross domain cookie blocking

  • Resolved cihomewood

    (@cihomewood)


    2 years ago

    Hi

    We are using Advanced iFrame to integrate our website with an external membership system.

    The integration works perfectly on Windows and Android, but Apple mobile devices have started blocking cross domain tracking cookies. That means we cannot store the cookie to show the user has logged in.

    There is a lot on the net about this, with various solutions offered. The one which seems to currently be most reliable generates a button which asks the user to confirm they trust the site.

    Our developer is going to see if this will work for us, but I would like to know if any other solution has been found for the Advanced iFrame plugin.

    Thanks in advance.

    Ian

Viewing 4 replies - 1 through 4 (of 4 total)
  • Plugin Author mdempfle

    (@mdempfle)

    Hi,

    I have implemented a workaround for it:

    https://www.tinywebgallery.com/blog/advanced-iframe/advanced-iframe-pro-demo/3rd-party-cookie-in-iframe-workaround

    Also see:

    https://www.tinywebgallery.com/blog/advanced-iframe/advanced-iframe-pro-demo/how-to-use-the-samesite-cookie-fix

    As the cookies als need to have Secure;SameSite=None set.

    Best regards,
    Michael

    Thread Starter cihomewood

    (@cihomewood)

    Thanks Michael

    I have received the following response from the developer of the website we are trying to embed :

    I have been through all of the documentation around the advanced iframe solution but it won’t be able to work for us I’m afraid. It causes the main Southport page to redirect to an SM page which can set a cookie and then redirects back again, which is a bit clunky but in the main the cookie which can be set has to be hard coded in javascript like storing a free test value. As our cookies are authentication tokens and have to be generated server side, this won’t work.

    Do you have any ideas about how we can overcome this?

    All help appreciated.

    Ian

    Plugin Author mdempfle

    (@mdempfle)

    They should check again.

    The workaround is: if you set any cookie directly all other cookies work then!
    So there is this “fake” cookie. Once set, other cookies can be set the normal way.

    So far I only know this solution to get it work. This is why I implemented the possible solutions.

    Best regards,
    Michael

    Thread Starter cihomewood

    (@cihomewood)

    Hi Again

    We have now resolved the issue and the solution didn’t actually require any of the plugin functionality.

    We have amended our DNS to create a subdomain pointing at the target website. Our iFrame urls now point at the subdomain. Because this is a subdomain of our website domain it sees the cookies as local and everything works perfectly.

    I hope this solution helps some others.

    Ian

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘Cross domain cookie blocking’ is closed to new replies.