It appears Safari does not allow you to set cookies from an iframe, including session cookies. That means you cannot embed an app that has a login form, or even multiple pages unless you pass around state information like the shop name in every URL and every form.
There’s no workaround for that, is there?