25

My domain (let's call it www.example.com) creates a cookie. On another site (let's say, www.myspace.com), my domain is loaded within an iFrame.

On every browser (Firefox, Opera, Camino, Safari, etc...) except for Internet Explorer, I can access my own cookie. In IE, it doesn't give me access to the cookie from within the iFrame.

Is there a way to get around this?

Really, this makes no sense because the site trying to access the cookie is www.example.com and the cookie is owned by www.example.com. But for some reason, IE thinks the iFrame makes them unrelated.

BiscuitBaker
  • 1,421
  • 3
  • 23
  • 37
Sleep Deprivation Ninja
  • 527
  • 1
  • 4
  • 11

3 Answers3

35

Internet Explorer's default privacy setting means that 3rd-party cookies (e.g. those in iframes) are treated differently to 1st party cookies. (by default, 3rd party cookies are silently rejected).

For IE6 to accept cookies in an iframe, you need to ensure your site is delivering a P3P compact header.

See http://msdn.microsoft.com/en-us/library/ms537343.aspx for more.

Community
  • 1
  • 1
mopoke
  • 10,555
  • 1
  • 31
  • 31
  • I believe it should do. I've not tried it myself. But it certainly solved the problem for me on IE6. – mopoke Sep 19 '08 at 00:05
  • 2
    w00t. This worked: HttpContext.Current.Response.AddHeader ( "p3p", "CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\""); from here: http://aspnetresources.com/blog/frames_webforms_and_rejected_cookies.aspx details here: http://www.p3pwriter.com/LRN_111.asp – Sleep Deprivation Ninja Sep 19 '08 at 16:13
  • The link in this answer seems to be broken, but I think you can find the same info here: [link]http://msdn.microsoft.com/en-us/library/ms537343.aspx – Erick Mar 17 '11 at 18:54
6

In PHP: header ( "p3p:CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"");

  • See also http://www.techrepublic.com/blog/software-engineer/craft-a-p3p-policy-to-make-ie-behave/ – bishop Jun 24 '15 at 20:04
-1

That sounds like a privacy setting issue to me. Either increase your security settings in IE (which you won't be able to convince your users to do), or take another approach.

William Keller
  • 5,256
  • 1
  • 25
  • 22