Tuesday, May 29, 2012

choking on cookies

Just a note: if you are designing an integration using iframes (like where your content shows up in an iframe on some other domain's site) you need to be aware of some pretty deep browser-specific issues involving cookies. IE will block cookies until some privacy blahblah is set; Safari has similar issues, but it's issue is about cookies on pages that haven't been directly navigated to (i.e. they've only shown up in an iframe, rather than the domain having ever been seen in the URL bar.)

There might be some further differences between the two cases; it seems like IE will allow cookies over the life of the page, at least, which is more than we got from Safari (which was a big issue because our pattern was to authenticate in one endpoint call, and then do further requests for more data) but don't quote me on that. The short of it is: you have to do a lot more QA on cross-brower issues if they involve iframes and other sites, and in fact the problem are so significant you should be thinking about them as you architect your embedded pages (and possibly doing rapid prototypes to make sure you can get to the cookies you need to when you need them.)

No comments:

Post a Comment