views:

6761

answers:

3

My domain (let's call it www.foo.com) creates a cookie. On another site (let's say, www.myspace.com), my domain is loaded within an iFrame.

On every browser (Firefox, Opera, Camino, Safari, etc...) except for Internet Explorer, I can access my own cookie. In IE, it doesn't give me access to the cookie from within the iFrame.

Is there a way to get around this?

Really, this makes no sense because the site trying to access the cookie is www.foo.com and the cookie is owned by www.foo.com. But for some reason, IE thinks the iFrame makes them unrelated.

+14  A: 

Internet Explorer's default privacy setting means that 3rd-party cookies (e.g. those in iframes) are treated differently to 1st party cookies. (by default, 3rd party cookies are silently rejected).

For IE6 to accept cookies in an iframe, you need to ensure your site is delivering a P3P compact header.

See http://support.microsoft.com/kb/323752/EN-US/ for more.

mopoke
Does this work in IE7 or IE8 Beta?
Sleep Deprivation Ninja
I believe it should do. I've not tried it myself. But it certainly solved the problem for me on IE6.
mopoke
w00t. This worked: HttpContext.Current.Response.AddHeader ( "p3p", "CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\""); from here: http://aspnetresources.com/blog/frames_webforms_and_rejected_cookies.aspx details here: http://www.p3pwriter.com/LRN_111.asp
Sleep Deprivation Ninja
A: 

That sounds like a privacy setting issue to me. Either increase your security settings in IE (which you won't be able to convince your users to do), or take another approach.

William Keller
+1  A: 

In PHP: header ( "p3p:CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"");