The default behavior of Safari is to only accept cookies from sites that you visit. This excludes third-party cookies. Safari treats the page inside an iframe as a third-party site. A cookie is set when the user interacts with the iframe (by clicking a link, for example).
There are several solutions to set a third-party cookie without the need for a user interaction. One solution which a tested and found working is:
$(function() { var isSafari = (/Safari/.test(navigator.userAgent)); // Workaround to set cookie in iframe (Safari) if (isSafari && <!--?= (isset($_SESSION['safari_session']) && $_SESSION['safari_session'] == 1) ? 'false' : 'true' ?-->) { $('#sessionframe').ready(function() { $("#sessionform").submit(); window.setTimeout(processApplication, 1000); }); $("body").append(' |
');
function processApplication() {
window.location.reload();
}
}
}); |
if you want to start a PHP session, the default behavior of PHP is to store the sessionid in a cookie. To force the browser to add the sessionid to the url user:
ini_set('session.use_cookies', 0); ini_set('session.use_only_cookies', 0); ini_set('session.use_trans_sid', 1); |
For security purposes you should limit the sessionid to the IP that created the session. This is not perfectly secure though, as someone with the same IP (behind a proxy e.g.) could reuse that very same session. Also IP addresses can change when travelling around with a wireless card and a lot of people using the internet get a new IP every 24 hours.
You may also be interested in creating your own session handling function (in conjuction with a database). You would ignore the session ID, and bind it to the IP address. (see examples on PHP.net)