I have a Cakephp 2.3 website with a login system that works absolutely fine when accessed directly via its URL. Navigation between pages that don't required being logged in works, when you submit the login form with correct credentials it takes you to the restricted area, if you click on a link that requires being logged in the system recognizes that and takes you to the login page, etc.
However, when I load that same website from another website (using an iframe), the login system stops working. If you submit the login form, even with the correct credentials, it takes you back to the login page. If you try to access a restricted page, same thing. All this without showing any failed login errors or a "you're trying to access a restricted page" message that it shows when accessing the website without an iframe. The navigation between pages that don't require being logged in does work fine though.
The iframe code is as basic as it gets: <iframe src="https://mywebsite.com/" width="100%" height="700" frameborder="0"></iframe>
I've been dong some research and I can't figure out what's going on. I've tried enabling CORS just in case, because both websites are on different domains (same server), but that didn't make a difference. I don't have any code on the website, as far as I know, that would cause this. Both websites are loaded via https.
Any ideas of what could be going on?
