Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Setting cookie in iframe - different Domain

We have our site integrated as an iframe into another site that runs on a different domain. It seems that we cannot set cookies. Has anybody encountered this issue before? Any ideas?

like image 614
user1946784 Avatar asked Jan 22 '10 12:01

user1946784


People also ask

Can I access cookies from different domains?

You cannot share cookies across domains. You can however allow all subdomains to have access.

Can I load an iframe from a different domain?

Generally, web application allows script running between pages(parent and iframe pages) in the same domain based on same-origin-policy. Unfortunately it does not support scripts if different domain. The policy does not allow it.

Can you set a cookie for multiple domains?

As you may know, cookie can't be set in a different domain from another domain directly. If you're having multiple sites in where you need to set a cookie from a parent site, you can use basic HTML and JS to set the cookies.


2 Answers

Since your content is being loaded into an iframe from a remote domain, it is classed as a third-party cookie.

The vast majority of third-party cookies are provided by advertisers (these are usually marked as tracking cookies by anti-malware software) and many people consider them to be an invasion of privacy. Consequently, most browsers offer a facility to block third-party cookies, which is probably the cause of the issue you are encountering.

like image 163
Quentin Avatar answered Sep 20 '22 21:09

Quentin


From new update of Chromium in February 4, 2020 (Chrome 80). Cookies default to SameSite=Lax. According to this link.

To fix this, you just need to mark your cookies are SameSite=None and Secure.

To understand what is Samesite cookies, please see this document

like image 24
Hoang Trung Avatar answered Sep 17 '22 21:09

Hoang Trung