Documentation Center

Experience Manager and cross-site cookies

The Experience Manager user interface takes the form of an iframe on your staging webpage; therefore, it is treated as a third-party context. This may result in problems with cookies. You must set up your staging website and Experience Manager website in such a way that these problems are avoided.

The first part of solving cross-site cookie issues is to apply SameSite cookies. The Experience Manager website uses SameSite cookies. To learn more about cross-site cookie issues in general, and how to solve such issues using SameSite cookies, refer to the following resources:
The next part of solving cross-site cookies issues is to set up the Experience Manager website and the staging website as follows:
  • Make sure that both websites use the HTTPS protocol
  • Make sure that both websites shared the same eTLD (effective Top-Level Domain)
For further reference, consider the eight different ways in which you could set up the two websites:
Setup 1Setup 2Setup 3Setup 4Setup 5Setup 6Setup 7Setup 8
Experience Manager protocolHTTPHTTPSHTTPHTTPSHTTPHTTPSHTTPHTTPS
Staging website protocolHTTPHTTPHTTPSHTTPSHTTPHTTPHTTPSHTTPS
eTLDsamesamesamesamedifferentdifferentdifferentdifferent

Now see how each browser handles the various setups:

Setup 1Setup 2Setup 3Setup 4Setup 5Setup 6Setup 7Setup 8
Google Chromeyesyesnoyesnononoyes
Google Chrome incognito modeyesnonoyesnononono
Mozilla Firefoxyesyesnoyesyesyesnoyes
Mozilla Firefox private modeyesyesnoyesyesyesnoyes
Microsoft Edgeyesyesnoyesnononoyes
Microsoft Edge InPrivateyesnonoyesnononono
Safariyesyesnoyesnononoyes
Safari Private Browsingyesnonoyesnononono
Microsoft Internet Exploreryesyesnoyesyesnonono

As you can see, the only setups that work across all browsers are #1 and #4. Of these, #1 is not secure and therefore not recommended.