tags:

views:

2420

answers:

4
+1  Q: 

IE, P3P, IFrame and blocked cookies (works until page host page has personal information requested)

My company has a little widget that plugs into shopping carts. We are running into a problem where setting cookies in IE7 is not working. This is happening because we are a 3rd party because we are embedded into the site via an iframe.

I have seen several post that say the way to solve this problem is by putting a P3P compact policy in the header. As mentioned:

http://stackoverflow.com/questions/389456/cookie-blocked-not-saved-in-iframe-in-internet-explorer

I have verified that my P3P policy is in my HTTP header. And it actually works for the first page/step of the shopping cart site, but as soon as there is personal information on the page (like name, address, phone, etc), IE blocks my site and my cookie.

I have tried several different P3P policies and they all don't work at the same place. I have also used the IBM P3P tool to generate my own special P3P policy, but it still doesn't work.

I am at a complete loss.

Any help is appreciated. Thank you.

David

+1  A: 

Hi David

I had a similar isssues smoetime back and I myself have asked this question. We had a similar situation like yours. Make sure you add the p3p header to all the pages inside the iframe. I ahev written a blog post about it too. Check it if you are interested. Let me know how it goes.

Shoban  2009-06-16 05:17:47
Thank you for the hint. I have verified, though, that the p3p header is there for all of the content I am serving up. (I used ieHTTPHeaders)
 2009-06-16 15:43:40
Ok..Change privacy settings in ie and then test it with low security. If it works then the issue is with your source code. You can also use FF with web security tool bar. Change privacy setting and use Web developer tool bar to see what is happening with the cookie.
Shoban  2009-06-16 16:27:09
Shobab, thanks for the hints. I lowered my security in IE and it changed my site's cookie status from "blocked" to "restricted". This DID work for me. Restricted is good enough.I'm not sure what the issue could be with my source code -- maybe my p3p policy is not good enough? Where can I find the FF web security toolbar? It would be great to find something that tells me why my p3p policy is not good enough.
 2009-06-16 20:16:59
Search for Webdeveloper tool bar for FF and you will get it. Its a must tool for web developers. Its defenitely the issue with your p3p header. In web developer tool bar there is an option to check p3p headers so use it. That was how I solved my issue. I know how you feel because I was behind this issue for a week ;-) feel free to email me at shobankr[at]gmail.com and i will be glad to help. BTW Shoban is my name not shobab ;-)
Shoban  2009-06-17 04:23:29
Thank you again, Shoban. I am unable to find a validator for p3p headers. I can use the web developer toolbar (v 1.1.6) to see my p3p header, but I see nothing that validates it.
 2009-06-18 22:24:57
David, email me at shobankr[at]gmail.com .. with sample source code. I will have a look at it (?)
Shoban  2009-06-19 04:25:40
A: 

The Fiddler web debugger (www.fiddler2.com) has a "Privacy" inspector tab on the response which decodes the P3P tokens into their meanings. There's a link at the bottom of the inspector which points to the MSDN article that shows which policies are considered "acceptable" by default.

Note, of course, that P3P policies are a Legal declaration, so you must be sure that your use of cookies matches what you claim in P3P.

EricLaw -MSFT-  2009-06-26 04:55:11
The link at the bottom of Fiddler takes you to this page, which only describes the acceptable policies for IE6: http://msdn.microsoft.com/en-us/library/ms537343(VS.85).aspx#unsatisfactory_cookiesAnyone know of a more recent reference?
tlianza  2009-10-22 22:09:41
The P3P defaults have not changed since IE6.
EricLaw -MSFT-  2009-10-23 14:09:16
+1  A: 

This probably won't help anyone else, but I was banging my head against the wall for weeks over this one. It turns out that IE 7 won't allow 3rd-party cookies to be set, even with a valid P3P compact policy if the HTML meta tag for Content-Type has a different character set declaration on the page with the iframe from the page within the iframe.

Nogwater  2009-11-21 01:08:36
A: 

Respected,
I have a page aspx with an internal iframe that should receive pages called by menu of the type: ul id="menu" li a href= ecaff1.aspx target=iframe1> E C C A F /a> /li> li>< ........ /ul> ". The iframe is iframe id="iframe1" style="width:748px; height:416px" runat="server" scrolling="yes" /iframe> ".
In the firefox and chrome it perfectly works. And in IE8 it doesn't work, the page opens in another window.
It includes the directing HttpContext.Current.Response.AddHeader("p3p","CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\""); in the load aspx-cs and it continues not working in IE, IN LOCAL HOSTING.

I request help for that problem. Adim.

Adim  2010-06-26 20:40:09

related questions

Prevent Use of the Back Button (in IE)
How to stop IIS asking authentication for default website on localhost
Why do I cannot jQuery my page under Internet Explorer
How To Write a Plug-In for IE
Firefox vs. IE: innerHTML handling
Detect DOM modification in Internet Explorer
Good reasons for not letting the browser launch local applications
Printing DOM Changes
IE6 security login (debugging via VirtualPC)
What is your best tool or techniques for getting the same display on IE6/7 and Firefox?
IE 7+ Favorites
IE Securty Zone Issues
JavaScript Profiler in IE
IE6 - can't load a normal JPG
Opening Explorer shell with admin priveleges on XP (with IE7 installed)
Should we support IE6 anymore?
How do I add a pre tag inside a code tag with jQuery?
How can I get Unicode characters to display properly for the tooltip for the IMG ALT in IE7?
Weird event behavior in IE7
Firebug for IE
Debugging Javascript in Internet Explorer and Safari
IE6: To support or not to support.
Tabbed file browsing in Windows
Debugging: IE6 + SSL + AJAX + post form = 404 error
Javascript troubleshooting tools in IE