My current project is a Facebook application that runs as an iFrame ‘inside’ of a Facebook page.
We use a limited number of cookies to reduce the number of calls to Facebook and what we believe, increase the efficiency of the application.
Safari, in an attempt to simplify matters, makes them much more complex. Its default security settings for cookies stipulate that the browser will accept cookies only from the sites that you navigate to. So if you navigate to facebook.com, any attempt to set a cookie from an iFrame that is not under the facebook.com domain will fail. Possible solutions:
- Tell your users they must enable cookies to use your app. Still paranoid users will scoff as you are telling them to change security settings in their browsers
- Use URL rewriting
- Turn users of Safari away, telling them to use Firefox instead
Either way, Safari makes life that much less nicer.