Browsers handle cookies issued by IFrames in different ways. Some browsers don't need any special treatment. But others require more work.
Largely, there are two required fixes:
In most browsers, setting the P3P header will allow iframes to set cookies:
P3P: CP=HONK
Safari requires either some user interaction (for example if they follow a link inside your iframe, you can then set cookies on that second request). But you can also bypass this restriction by triggering a POST to a hidden iframe using JavaScript.
The attached example uses both these techniques and show's the PHP code necessary to do the same. Note, in this case the hidden form is POSTing to the currently loaded page. This is not optimal, first, because the currently loaded page may not support a POST. And second, because you may be able to load a lighter weight page that just issues cookies and does not otherwise contain any content.