Versions Compared

Version Old Version 1 New Version Current
Changes made by

Jonathan Schmale

Jonathan Schmale

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  1. With the file named session.settings.config

    1. Create a backup of the file

    2. Edit the file

    3. Replace its contents with the contents from the file session.settings.iframe.config

  2. With the file named httpcookies.settings.config

    1. Create a backup of the file

    2. Edit the file

    3. Replace its contents with the contents from the file httpcookies.settings.iframe.config

  3. You may need to delete the cookies that your browser is caching to allow the new changes to take effect.. The steps for deleting cookies will vary depending on what browser you use. 

image-20241126-202542.png

Clear

...

Your Cookies

If after making these changes you still cannot login - you likely need to clear your cookies. The steps for deleting cookies will vary depending on what browser you use. 

...

The web.config file references the modified configuration files.

...

Safari - Permission Required

Safari blocks all third-party cookies by default. To get access to cookies - which we need to even login - we have to use the Storage Access API to request access. That’s after having the user at least click on the site when it’s not framed and create a cookie there.

They describe the requirement here: https://webkit.org/blog/11545/updates-to-the-storage-access-api/

Storage Access API documentation

https://developer.mozilla.org/en-US/docs/Web/API/Storage_Access_API
https://developer.mozilla.org/en-US/docs/Web/API/Document/hasStorageAccess
https://privacycg.github.io/storage-access/

More references

https://blog.certa.dev/third-party-cookie-restrictions-for-iframes-in-safari
https://stackoverflow.com/questions/59723056/safari-13-iframe-blocks-cors-cookies

-- This means that in effect, the existing cookie must also be set on the same exact sub domain.
https://stackoverflow.com/questions/61019608/cannot-set-cookie-in-iframe-using-the-storage-access-api-on-safari

Safari Login Process

With version 16.12.5.4 there is a possible Safari login process that will look something like this:

The user will try to login but then will encounter an error at which point a new button will appear:

...

The user needs to click the Enable Sign In… button which pops up a page from the site which the user is prompted to enable the use of cookies.

image-20250129-214127.pngImage Added

When the user clicks the Enable Login button it returns with a message telling them they can now close this window and return to the previous site.

image-20250129-214250.pngImage Added

When they return to the original site - they should refresh the page and try to login again. Then they will be prompted to allow cookies.

image-20250129-214442.pngImage Added

After they click allow - they need to:

  • refresh the site again

  • try to login again

at which point they should be able to successfully login.

Future logins won’t prompt them to redo this for some time. I believe Safari requires the user to have direct access to the original site every 30 days. (This is what the popup “My Authorization” page does for them.

Testing Safari - Reset

If you’ve already tested this process on an iPhone and want to reset it to try again - you have to Clear History.

  • Settings

  • Apps

  • Safari

  • Clear History and Website Data