Confirm storage with the Cookie Test
Run the Cookie Test and Storage Test. You want green checks for first-party cookies and third-party cookies. If third-party cookies show blocked, keep this tab open, apply a fix, and rerun the tests after each change. On real sites, the symptom is usually an endless login loop, a blank checkout iframe, or an SSO popup that closes immediately.
Fix 1: Allow third-party cookies for the affected site
You rarely need to enable them globally; add a targeted allowlist entry instead.
- Chrome / Edge: Settings > Privacy and security > Third-party cookies → choose Block third-party cookies for baseline, then under Sites that can always use cookies add the domain hosting the login or payment iframe (include
https://and check Including third-party cookies). - Firefox: Settings > Privacy & Security > Enhanced Tracking Protection → set to Standard. Click Manage Exceptions and add the identity or payment domain.
- Safari: Settings > Privacy → uncheck Prevent cross-site tracking while you complete the flow. Re-enable afterward.
- Reload the page and rerun the Cookie Test. The third-party line should turn green.
Fix 2: Clear stale cookies for the identity domain
Bad cookies can break SSO handshakes even when cookies are allowed.
- Open chrome://settings/siteData (Firefox:
about:preferences#privacy→ Manage Data). - Search for the identity provider domain (for example
accounts.google.com,okta.com,auth0.com). - Remove data for that domain, reload the app, and sign in again.
Fix 3: Disable extensions that strip third-party cookies
Privacy extensions often remove cookies even when the browser allows them.
- Turn off strict modes in uBlock Origin, Privacy Badger, DuckDuckGo Privacy Essentials, NoScript, or similar tools.
- Add the login/payment domains to their allowlists.
- Open the app in Incognito/InPrivate (extensions off by default) to confirm the extension is the culprit.
Fix 4: Avoid private browsing for flows that need persistence
Incognito/Private windows erase cookies on close and often block third-party cookies by default. Test in a normal window to see if the login succeeds. If you must stay private, add the required domains to the allowlist before you start the flow.
Fix 5: Check company or school policies
Managed browsers may block third-party cookies to meet compliance goals.
- Visit
chrome://policyoredge://policyand look forBlockThirdPartyCookiesorCookiesBlockedForUrls. - If policy enforces blocking, share the failing line from the Cookie Test with IT and request an exception for the necessary domains.
Fix 6: Align time, date, and timezone
Mismatched system clocks can invalidate authentication cookies immediately.
- Sync time automatically in your OS settings.
- Clear cookies for the login domain once the clock is corrected, then retry.
Fix 7: Allow popups if the flow opens a new window
Some SSO and payment flows launch a small popup that sets third-party cookies and returns control.
- Chrome / Edge: Settings > Privacy and security > Site settings > Pop-ups and redirects → add the login domain to Allowed.
- Firefox: open Settings > Privacy & Security > Permissions > Block pop-up windows and click Exceptions to allow the domain.
- Retry the flow and rerun the Cookie Test to confirm third-party storage is allowed.
Verify the fix
Run the Cookie Test again. Third-party cookies should now read yes. Then retry the login or checkout flow without closing the tab. If it still fails on a managed device, the block is policy-based; capture the failing test output and escalate to IT.