Many IE and Safari versions silently rejects any cookie from pages inside an iframe causing to lose session status if you don't send P3P headers declaring your app's 'intentions'. This would be specially painful if you want to allow users to login and access to your app from a widget on a client's website, which were our case.
If you're working with Rails >3 maybe you want to use rack-iframe, a rack middleware which will send the appropriate P3P headers for you when needed without change any logic within your app. To use it just follow this steps:
Add rack-iframe gem to your Gemfile:
Rebuild your bundle:
$ bundle install
Add these lines on top of your config.ru
Forget this problem forever :-)