Setting cookie in iframe that is in different domain

To set a cookie in an iframe that is in a different domain than the parent site, you can use SameSite=None. These are called third-party cookies.

Here is a site where you can test this.

This works on:

  • Chrome (normal)
  • Firefox (normal and incognito)
  • Edge (normal and incognito)
  • Safari (incognito apparently)

This does not work on:

  • Chrome (incognito)
  • Safari (normal)

This is due to the blocking of third-party cookies.

There is a toggle in Chrome incognito; if it is disabled, the cookies will work.

For other settings on how to disable this, you can go here.

WebKit also announced that third-party cookies are disabled by default from 24th of March 2020, and this will eventually roll out to every browser that uses WebKit.

I also expect this to be reflected by other browsers in the near future.

If you think you can use localStorage, think again. That is also blocked when third-party cookies are blocked.
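As an added example (not code from the original post), the embedded page can check at load time whether the browser actually lets it keep state, instead of assuming the cookie was stored. The cookie name `embed_probe` and the function names are assumptions made for illustration; browsers only accept SameSite=None together with Secure, so the iframe must be served over HTTPS.

```javascript
// Added example: runs inside the embedded (iframe) page.
// The cookie name "embed_probe" and all function names are illustrative.

// Build a cookie string that a browser will accept in a cross-site iframe.
// SameSite=None is only honoured when the Secure attribute is also present.
function crossSiteCookie(name, value, maxAgeSeconds) {
  return [
    `${encodeURIComponent(name)}=${encodeURIComponent(value)}`,
    "Path=/",
    `Max-Age=${maxAgeSeconds}`,
    "SameSite=None",
    "Secure",
  ].join("; ");
}

// Write a short-lived probe cookie and read it back. When third-party
// cookies are blocked the write is dropped and the read-back fails.
function thirdPartyCookiesWork(doc) {
  const name = "embed_probe";
  const value = String(Date.now());
  try {
    doc.cookie = crossSiteCookie(name, value, 60);
    const stored = doc.cookie.split("; ").includes(`${name}=${value}`);
    doc.cookie = crossSiteCookie(name, "", 0); // remove the probe again
    return stored;
  } catch (err) {
    return false; // e.g. a sandboxed iframe without allow-same-origin
  }
}

// localStorage is restricted together with cookies; in some browsers
// merely touching it from a blocked third-party frame throws.
function storageWorks(win) {
  try {
    win.localStorage.setItem("embed_probe", "1");
    win.localStorage.removeItem("embed_probe");
    return true;
  } catch (err) {
    return false;
  }
}

// Only runs in a browser; in other runtimes the functions are just defined.
if (typeof document !== "undefined") {
  console.log("cookies:", thirdPartyCookiesWork(document),
              "localStorage:", storageWorks(window));
}
```

If either check returns false, the widget should degrade visibly (for example, ask the user to open it in a first-party tab) rather than silently losing its session.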

This is great news for security, but what about the sites that still need this to work properly? What should iframes use to remember data when they are embedded in other domains? A friend of mine said that iframes are becoming deprecated and embedded widgets are the future.

What do you think?
