views:

50

answers:

1

Hi Guys,

I have a domain A.com which is my website. I want to allow the user to login and then I have embedded an iframe into domain B.com which attempts to grab the cookie from A.com to allow the user to be continued to be signed in.

I can't seem to get this working in IE ? A new session gets set instead and the cookie is never retrieved.

I have set a P3P policy ? Any ideas what I am doing wrong.

+1  A: 

B.com is not going to be able to access cookies from A.com. I think you are confusing third-party cookies with cross-domain cookies. With a third-party cookie (which P3P is relevant to), B's content (e.g. http://b.com/foo.png) is included on http://a.com and sets its own cookie. That doesn't allow A or B to read each other's cookies though.

If you want A and B to communicate on the client side, you can use hacks like fragment id messaging, or developing functionality like postMessage

Matthew Flaschen
hey :) i thought the iframe on b.com and a.com are "same-domain" ? so the only way to do this then is to open a new window in the iframe in b.com [which loads content from a.com] and check for the cookie?
John
or are a.com and b.com not in the same-origin ?
John
Right, they're different origins.
Matthew Flaschen
thx - so the only way to do this then is to open a new window from the iframe in b.com [which loads the cookie from a.com] and check for the cookie?
John
If I understand you correctly (it might help to add psuedo-code), that won't work either.
Matthew Flaschen