Selling my web-app on CodeCanyon (cross-domain question)

I have a webapp on CodeCanyon, that uses login with user and password.
When I click on my app to see it, it loads it from my website,
but I cannot seem to login to it,
because it loses _SESSION vars.

My website has HTTPS and CodeCanyon is HTTPS as well.
Does anyone know how to solve this cross-domain problem?

Do you have the same issue if close Envato frame?

When you are trying to login with user and pass are you getting the values in DB ?

If possible can you please share access to web app then i will be able to check out and inspect the issue with web-app

Thank you