Experience Manager and cross-site cookies
The Experience Manager user interface takes the form of an iframe on your staging webpage; therefore, it is treated as a third-party context. This may result in problems with cookies. You must set up your staging website and Experience Manager website in such a way that these problems are avoided.
- Make sure that both websites use the HTTPS protocol
- Make sure that both websites shared the same eTLD (effective Top-Level Domain)
| Setup 1 | Setup 2 | Setup 3 | Setup 4 | Setup 5 | Setup 6 | Setup 7 | Setup 8 | |
|---|---|---|---|---|---|---|---|---|
| Experience Manager protocol | HTTP | HTTPS | HTTP | HTTPS | HTTP | HTTPS | HTTP | HTTPS |
| Staging website protocol | HTTP | HTTP | HTTPS | HTTPS | HTTP | HTTP | HTTPS | HTTPS |
| eTLD | same | same | same | same | different | different | different | different |
Now see how each browser handles the various setups:
| Setup 1 | Setup 2 | Setup 3 | Setup 4 | Setup 5 | Setup 6 | Setup 7 | Setup 8 | |
|---|---|---|---|---|---|---|---|---|
| Google Chrome | yes | yes | no | yes | no | no | no | yes |
| Google Chrome incognito mode | yes | no | no | yes | no | no | no | no |
| Mozilla Firefox | yes | yes | no | yes | yes | yes | no | yes |
| Mozilla Firefox private mode | yes | yes | no | yes | yes | yes | no | yes |
| Microsoft Edge | yes | yes | no | yes | no | no | no | yes |
| Microsoft Edge InPrivate | yes | no | no | yes | no | no | no | no |
| Safari | yes | yes | no | yes | no | no | no | yes |
| Safari Private Browsing | yes | no | no | yes | no | no | no | no |
| Microsoft Internet Explorer | yes | yes | no | yes | yes | no | no | no |
As you can see, the only setups that work across all browsers are #1 and #4. Of these, #1 is not secure and therefore not recommended.