Loading...
April 9, 2012#

Safari 5.1.4 enforces cookie policy

If you’re familiar with coding iFrame Apps for Facebook, you might be interested in this:

An issue existed in the enforcement of its cookie policy. Third-party websites could set cookies if the “Block Cookies” preference in Safari was set to the default setting of “From third parties and advertisers”. support.apple.com/kb/HT5190

In short: before 5.1.4 you were able to trick Safari with a cookie set through JavaScript or a .htaccess to prevent losing the session. Sadly, this no longer works. I’d be quite interested if Facebook is going to provide a solution or a new workaround.

See also on Stack Overflow: Safari 3rd party cookie iframe trick no longer working?

Update
There’s a solution. I load this script (slightly modified) along with the permission dialog and it works fine. It’s not the most beautiful method, but it’s solid and the user shouldn’t notice.

Update 2
I enhanced the script a little bit to only fire in Safari:

function setCookie()
     {if (navigator.userAgent.indexOf('Safari') != -1 
     && navigator.userAgent.indexOf('Chrome') == -1
     {window.open('safari.php','','width=200,height=100');}
}

safari.php is where you set the cookie.