Cookies Blocked: Fix ChatGPT Login Failures

Blocked third-party cookies break OpenAI's login handshake and trigger a Cloudflare loop. Exact per-browser toggles to sign in again, verified June 2026.

Fastest fix: in Chrome or Edge, open chrome://settings/cookies, scroll to “Sites allowed to use third-party cookies”, click Add, and enter [*.]openai.com and [*.]chatgpt.com. Then clear existing ChatGPT cookies and log in fresh. If you are on Safari, uncheck Prevent cross-site tracking. That clears the large majority of cookie-related login failures.

When you sign in, OpenAI hands your browser off to its identity service on auth.openai.com, which writes a session cookie. The browser then bounces you back to chatgpt.com, where Cloudflare runs a quick “are you a real browser” check before letting you in. If your browser refuses to store or re-send those cookies, the handshake never completes. You see one of these:

  • A Cloudflare “Checking your browser before accessing…” screen that spins, then loops back to itself.
  • The login page reloading endlessly, or a blank screen after you enter credentials.
  • On the iOS app, signing in with Google fails with the exact error “Cookies are disabled”.

All of these usually trace back to the same root cause: a cookie that OpenAI needs is being blocked.

One thing that changed in 2026

The original version of this guide assumed Chrome was on track to block third-party cookies for everyone. That did not happen. Google ended the Privacy Sandbox initiative in October 2025 and now keeps third-party cookies in Chrome indefinitely under a “user choice” model. As of June 2026, third-party cookies are not blocked by default for most Chrome users.

What this means for you: if ChatGPT login broke recently, it is far more likely to be a per-site setting, a privacy extension, a corporate policy, or a leftover “block all cookies” toggle than a Chrome-wide default flip. Safari and Firefox, however, do still restrict cross-site cookies by default, so those browsers remain the usual suspects.

Which bucket are you in?

Run this 30-second triage before touching settings.

TestResultMost likely cause
Open ChatGPT in a fresh Incognito/Private window (extensions off)WorksA browser extension or a bad cookie (Steps 6, extensions)
IncognitoStill failsA browser-level or OS-level cookie setting (Steps 1–4)
chrome://policy shows BlockThirdPartyCookies = truePresentCorporate/managed policy — escalate to IT
Works in a different browser entirelyWorks elsewhereThe broken browser’s settings, not your account
You see a spinning Cloudflare check that loopsThird-party cookies or JavaScript blocked; also disable VPN/proxy

If Incognito works, skip the global toggles and go straight to disabling extensions and clearing cookies.

Common causes

uBlock Origin, Privacy Badger, Ghostery, and DuckDuckGo Privacy Essentials can all block cookies or scripts on auth.openai.com. Even when the browser’s native settings are permissive, an extension adds another layer. This is the single most common cause in 2026 now that Chrome itself no longer blocks third-party cookies by default.

How to judge: Try Incognito (extensions are disabled there by default). If it works in Incognito, an extension is responsible. Or click the extension icon and look for a count like “X requests blocked on this page”.

2. Safari or Firefox restricting cross-site cookies by default

Safari’s Intelligent Tracking Prevention has blocked cross-site cookies by default for years, and Firefox’s Enhanced Tracking Protection does the same in “Strict” mode. Safari 26 (macOS Tahoe) also added Advanced Tracking and Fingerprinting Protection. Any of these can drop OpenAI’s cross-site session cookie.

How to judge: Click the shield or privacy indicator next to the URL bar. If it reports blocked trackers or cookies for the OpenAI domains, this is your cause.

3. Corporate browser policy locks cookies

Edge for Business and managed Chrome can push DefaultCookiesSetting=4 (block all) or BlockThirdPartyCookies=true through group policy. The local toggle is greyed out with “Managed by your organization”.

How to judge: In Chrome, visit chrome://policy and search for BlockThirdPartyCookies or CookiesBlockedForUrls. If OpenAI’s domains are covered, the fix is an IT request, not a settings change.

4. “Block all cookies” left on from troubleshooting another site

You once tightened cookie settings to stop an abusive tracker, or installed something like “Cookie AutoDelete”, and never reset it. With “Block all cookies” on, even first-party cookies disappear, so nothing can keep you signed in.

How to judge: Open Settings → Privacy → Cookies. If the global policy reads “Block all cookies”, that is the problem.

5. VPN, proxy, or aggressive script blocker tripping Cloudflare

Cloudflare’s bot check sits in front of the login flow. A VPN exit node with a bad reputation, or a script blocker that stops the Turnstile challenge from running, makes the check loop forever even when cookies are fine.

How to judge: Turn off the VPN/proxy and reload. If the spinning Cloudflare screen finally passes, that was it.

Safari < 16, Chrome < 110, and Firefox < 102 lack CHIPS (partitioned cookies) and Storage Access API support that OpenAI’s auth flow can rely on.

How to judge: Visit chrome://version, or Safari → About Safari, and compare against the versions above.

Shortest path to fix

Each browser hides the setting somewhere different. Jump to yours.

Step 1: Chrome / Edge (most common)

chrome://settings/cookies
→ either flip "Allow third-party cookies" to on, OR
→ under "Sites allowed to use third-party cookies" → Add:
   [*.]openai.com
   [*.]chatgpt.com

A per-site allowlist is the better choice: it fixes ChatGPT without loosening every other site. Edge is nearly identical at edge://settings/content/cookies.

Step 2: Safari (macOS / iOS)

macOS Safari → Settings → Privacy
→ uncheck "Prevent cross-site tracking"
→ Advanced (or "Advanced Settings") → "Block all cookies" must be OFF
→ if present, set "Advanced Tracking and Fingerprinting Protection" to Off

iOS Safari → Settings app → Safari
→ uncheck "Prevent Cross-Site Tracking"
→ uncheck "Block All Cookies"

Safari has no per-site cookie allowlist, so you must loosen these globally to log in. Once you are signed in, the session cookie is stored as first-party, so you can re-enable cross-site tracking afterward and stay logged in. On the iOS app, the “Cookies are disabled” error when using Google sign-in is specifically fixed by turning off “Block All Cookies” here.

Step 3: Firefox

about:preferences#privacy
→ Enhanced Tracking Protection → choose "Custom"
→ uncheck "Cookies", or set it to "Cross-site tracking cookies only"

OR click the shield icon left of the URL bar
→ "Turn off protection for this site" (while on chatgpt.com)

Step 4: Brave

Click the Brave Shields icon for the current site:

Cookies → "Allow all cookies"
Block scripts → OFF
Cross-site cookies → set to Standard or Allow

Step 5: Turn off VPN/proxy if Cloudflare is looping

If you are stuck on the spinning “Checking your browser before accessing…” screen rather than the OpenAI login form, disable any VPN, proxy, or DNS-rewriting service, then reload. Confirm cookies and JavaScript are both allowed for chatgpt.com, openai.com, and auth.openai.com — OpenAI’s own login help requires both.

Step 6: Clear stale cookies, then log in fresh

After loosening permissions, leftover “partially written” cookies keep the UI complaining. Wipe them:

DevTools → Application → Cookies →
delete everything under chatgpt.com / openai.com / auth.openai.com
→ close all chatgpt.com tabs
→ reopen chatgpt.com → log in fresh

How to confirm it’s fixed

After a successful login:

  1. DevTools → Application → Cookies → chatgpt.com should contain __Secure-next-auth.session-token. If that cookie is present, the handshake completed.
  2. Refresh the page — your chat history loads normally instead of bouncing to login.
  3. Quit the browser, reopen it, and return to ChatGPT — you are still signed in, which proves the cookie persisted to disk rather than living only in memory.

If any of these fail, return to Step 1 for your browser.

FAQ

Why does ChatGPT need third-party cookies at all if it’s all one site? Login is handled on a separate identity domain (auth.openai.com), and the session cookie set there has to travel back to chatgpt.com. Browsers treat that cross-domain cookie as third-party in strict modes, even though both share the same parent domain.

Didn’t Chrome block third-party cookies in 2026? No. Google ended the Privacy Sandbox project in October 2025 and chose to keep third-party cookies in Chrome under a user-choice model. As of June 2026 they are not blocked by default for most Chrome users, so if your login broke, look at extensions, policy, or a leftover “block all” toggle first.

Incognito works but my normal window doesn’t. What’s the actual cause? Incognito disables extensions and starts with a clean cookie jar, so this points to a privacy extension or a corrupted cookie. Disable extensions one by one (or clear cookies for the OpenAI domains) in your normal profile.

The setting is greyed out and says “Managed by your organization.” Your machine is under a corporate policy that blocks cookies. You cannot override it locally — check chrome://policy to confirm, then ask IT to allowlist openai.com and chatgpt.com.

I see a Cloudflare “Checking your browser” loop, not a login page. Is that the same thing? Often, yes — that loop also breaks when third-party cookies or JavaScript are blocked. Allow both for the three OpenAI domains and disable any VPN/proxy, then reload.

Will turning cookies back on after I log in sign me out again? No. Once you are signed in, the session lives in a first-party cookie on chatgpt.com, so you can re-enable cross-site tracking and stay logged in.

Prevention

  • Keep a permanent per-site cookie allowlist for the OpenAI domains so it survives the next browser upgrade or settings reset.
  • Don’t run “strict” tracking protection as your default — “standard / balanced” covers nearly every site safely.
  • Don’t stack two privacy extensions; overlapping rules frequently block legitimate cookies.
  • When testing or switching browsers, allowlist OpenAI before assuming login is broken.
  • On managed machines, check chrome://policy for an OpenAI block before fighting symptoms, then escalate to IT.

External references: OpenAI Help — Why can’t I log in to ChatGPT? and Google’s Privacy Sandbox next-steps announcement.

Tags: #ChatGPT #ChatGPT account #Troubleshooting #Debug #Cookies