I am using cookies to check whether a user is logged in (with Devise). When the app is embedded in an iframe (on http://lifeelevated.life/players/ ), and I access the page from my iPhone 6s, the browser doesn't list any cookies and the server isn't able to determine who is logged in.
I determined that this issue is experienced by Safari, not just iPhone. The cookies were being used on my macOS browser because I had personally visited the site where the iframe is hosted.
I addressed this issue by implementing a technique that checks for the cookie and then performs a redirect for clients that have not ever had one.
https://github.com/vitr/safari-cookie-in-iframe
To clarify, when a user comes to site T, we check for the cookie from site I. If there is no cookie, we redirect them to a page on I which simply redirects them back to T. Then, they are able to load T with the iframe from I, and while loading that iframe, their cookies are sent to I, to ensure a consistent experience.