Django not storing session cookie in Internet Explorer

Question

To give some more context: We have an fb app which gets served under:
domain.com/fb/
and we have the normal site which gets served under
domain.com

Our fb app serves domain.com/fb/ in an iframe and is accesiable via:
apps.facebook.com/ourappname/

I'm currently having an issue with only IE, which caused request.user to be an anonymous user, even when the user is logged in (Only in IE) everything works fine in all other browsers. The reason for the request.user to be an anonymous is that the session cookie is not being set. I verified this by inspecting the cookies in IE and also django-debug-toolbar showed me that.

So how can I fix this issue?

The P3P headers are set:

response['P3P'] = 'CP="IDC CURa ADMa OUR IND PHY ONL COM STA"'
return response

They are also added by apache itself so kind of double just wanted to make sure it worked.

The session started working again magically.. but any insight into this is still welcome :) — Sam Stoelinga, Apr 17 '12 at 10:10

score 1 · Accepted Answer · edited May 23 '17 at 12:20

1

It's known security behavior of IE with iframe web sites. This could help: Cookie blocked/not saved in IFRAME in Internet Explorer

edited May 23 '17 at 12:20

Community

1
1

answered Apr 17 '12 at 12:22

Jan Papež - honyczek

141
1
9

Django not storing session cookie in Internet Explorer

1 Answers1