I am considering the design of an interface which will enable users of my site to open multiple 3rd party sites at the same time into iframes. That part is easy enough. However, I want to be sure that the 3rd party sites are able to set their OWN cookies into the user's browser. I don't care about interacting with those cookies. I don't want to have any knowledge of the cookie data, I just want to be sure that when the user browses the 3rd party site via the iframe on our site, that they can persist a session throughout that site.
Asked
Active
Viewed 251 times
0
-
1Depends on the browser settings. In Safari, no by default. – ceejayoz Apr 27 '14 at 03:02
-
Interesting. Seems like it wouldn't be a security issue. – phirschybar Apr 27 '14 at 03:04
-
1It's a privacy issue, not a security one. – ceejayoz Apr 27 '14 at 03:07
1 Answers
2
No, you cannot rely on 3rd party cookies being enabled. Any cookies set by your framed websites will be treated as 3rd party cookies by modern browsers.
Chrome (and other browsers) allow the user to specifically block 3rd party cookies:
In addition, Internet Explorer requires that a valid P3P policy has been set on the framed websites, otherwise it could reject the 3rd party cookies, regardless of browser settings.
Community
- 1
- 1
SilverlightFox
- 32,436
- 11
- 76
- 145