Auth0 (OpenAI’s identity provider) writes a session cookie on auth.openai.com. When you bounce back to chatgpt.com, the browser has to attach that cookie. Even though both share the same eTLD+1, browsers in “strict” tracking modes still treat the SameSite=None / Secure cookie as third-party — the handshake breaks and you see a login loop or sudden blank screen.
Common causes
1. Browser default flipped to block third-party cookies
Chrome started rolling out “Tracking Protection” to 1% of users in 2024, expanded to all in 2026; Safari ITP has been strict by default for years; Firefox ETP “Strict” blocks by default.
How to judge: Is there an “eye crossed out” icon (Chrome) or shield indicator next to the URL bar? Yes = tracking protection is active.
2. Privacy extension overrides cookie permission
uBlock, Privacy Badger, Ghostery, DuckDuckGo Privacy Essentials may all block cookies on auth.openai.com. Even if native browser settings are permissive, the extension adds another layer.
How to judge: Try Incognito (extensions disabled by default). Works there = it’s an extension. Or click the extension icon and check if it shows “X requests blocked on this page”.
3. Corporate browser policy locks cookies
Edge for Business / managed Chrome push DefaultCookiesSetting=4 (block all) or BlockThirdPartyCookies=true via group policy. The local toggle is greyed out with “Managed by your organization”.
How to judge: In Chrome, visit chrome://policy and check whether BlockThirdPartyCookies is present and true.
4. “Block all cookies” left on from troubleshooting another site
You fixed a site with abusive cookie tracking once and never reset; or you installed “Cookie AutoDelete” and forgot.
How to judge: Settings → Privacy → Cookies; if global policy reads “Block all cookies”, even first-party cookies are gone.
5. Browser version too old to support modern cookie features
Safari < 16, Chrome < 110, Firefox < 102 lack CHIPS (Partitioned cookies) / Storage Access API support that OpenAI’s migration flow may require.
How to judge: Visit chrome://version or Safari → About Safari, compare to versions above.
Shortest path to fix
Each browser puts the setting in a different place — jump to yours.
Step 1: Chrome / Edge (most common)
chrome://settings/cookies
→ "Allow third-party cookies" OR
→ "Sites allowed to use third-party cookies" → Add:
[*.]openai.com
[*.]chatgpt.comEdge is nearly identical at edge://settings/content/cookies.
Step 2: Safari (macOS / iOS)
macOS Safari → Settings → Privacy
→ uncheck "Prevent cross-site tracking"
→ Advanced → "Block all cookies" must be OFF
iOS Safari → Settings app → Safari
→ uncheck "Prevent Cross-Site Tracking"
→ uncheck "Block All Cookies"Safari has no per-site cookie allowlist — you must loosen globally. After logging in you can re-enable; the session cookie is now stored as first-party.
Step 3: Firefox
about:preferences#privacy
→ Enhanced Tracking Protection → "Custom"
→ uncheck "Cookies" or pick "Cross-site tracking cookies only"
OR click the shield icon left of URL bar → "Turn off protection for this site"Step 4: Brave
Click Shields icon for the current site:
Cookies → "Allow all cookies"
Block scripts → OFF
Cross-site cookies → Standard or AllowStep 5: Clear stale cookies, then re-login
After loosening permissions, leftover “partially-written” cookies will keep the UI complaining. Wipe them:
DevTools → Application → Cookies →
delete everything under chatgpt.com / openai.com / auth.openai.com
→ close all chatgpt.com tabs
→ reopen chatgpt.com → log in freshStep 6: Verify
After successful login:
- DevTools → Application → Cookies → chatgpt.com should have
__Secure-next-auth.session-token - Refresh — chat history loads normally
- Close browser, reopen — still signed in (cookie persisted to disk)
Any failure → back to Step 1.
Prevention
- Keep a permanent cookie allowlist for OpenAI domains so it survives the next browser upgrade.
- Don’t run “strict” tracking protection by default — “standard / balanced” covers nearly all sites safely.
- When testing or switching browsers, allowlist OpenAI before assuming login is broken.
- Don’t stack two privacy extensions; overlapping rules often block legitimate cookies.
- On managed machines: verify
chrome://policydoesn’t have OpenAI in a block list before fighting the symptoms — escalate to IT instead.
Related reading
- ChatGPT login loop
- Session expired repeatedly
- Login works in one browser only
- Blank screen after login
- Wrong auth method after signup
Tags: #ChatGPT #ChatGPT account #Troubleshooting #Debug #Cookies