Suppose I have a site at www.example.com which has an IFRAME pointing to ASP.NET site myapp.othersite.com – this causes issues with session and 3rd-party cookies which I understand.
If I moved the embedded app to myapp.example.com, would the session cookie still count as a 3rd-party cookie as it is a different subdomain?
Best Answer
Cookies seem to be considered 3rd party if they come from different base domains (base domains being
example.comorexample.co.uk), but not if they come from different subdomains of the same base domain.myapp.example.comwill be able to set cookies with domainmyapp.example.comif it is embedded withinwww.example.com.Having
myapp.example.comset cookies with domain.example.comis unnecessary unless those cookies need to be read from a different subdomain.[Tested in Firefox, Chrome (with 3rd party cookies blocked) and Safari] [ThirdPartyUtil.IsThirdPartyInternal seems to be where this is checked in Firefox]