The Cache: Technology Expert's Forum
 
*
Welcome, Guest. Please login or register. September 17, 2019, 06:25:43 PM

Login with username, password and session length


Pages: [1]
  Print  
Author Topic: iFrame Cookies  (Read 1978 times)
DangerMouse
Expert
****
Offline Offline

Posts: 244



View Profile
« on: October 15, 2009, 05:04:02 PM »

Hello folks,

I'm trying to run a small online application located on one domain, within an iframe on another. However I seem to be having problems in IE  Roll Eyes I'm not attempting to access cookies from the parent domain, or indeed access anything that occurs within the iframe - that is purely the concern of the iframe target site. Everything works as expected in my Firefox install, but fails in IE. My understanding was that it would be the iframed site that would be setting the cookies and therefore I wouldn't encounter cross domain issues - am I mistaken?

Using the rather unhelpful 'analysis' provided by IE7 it mentions the lack of a "privacy policy" - a P3P header added to http responses on the iframe target domain - is this likely to be accurate and my only problem? If so I'll get it sorted (I control both sites), but I have very little faith in my research on this.

Are there an other issues that I may face?

Cheers,

DM
Logged
Bompa
Administrator
Lifer
*****
Offline Offline

Posts: 564


Where does this show?


View Profile
« Reply #1 on: October 15, 2009, 08:10:16 PM »

Hello folks,

I'm trying to run a small online application located on one domain, within an iframe on another. However I seem to be having problems in IE  Roll Eyes I'm not attempting to access cookies from the parent domain, or indeed access anything that occurs within the iframe - that is purely the concern of the iframe target site. Everything works as expected in my Firefox install, but fails in IE.

What is it that fails?

Logged

"The most beautiful and profound emotion we can experience is the sensation of the mystical..." - Albert Einstein
DangerMouse
Expert
****
Offline Offline

Posts: 244



View Profile
« Reply #2 on: October 16, 2009, 05:19:32 AM »

The little privacy icon appears in the bottom of the IE status bar, and session information stored in cookies fails to work from one form step to the next Sad

DM
Logged
perkiset
Olde World Hacker
Administrator
Lifer
*****
Offline Offline

Posts: 10096



View Profile
« Reply #3 on: October 16, 2009, 09:03:21 AM »

Isn't there a setting in IE to only accept cookies from the originating domain? I know FF and Safari have that as well... I believe the privacy part is to protect YOU from spammers like um, people I've heard of, that would use a dynamically created iFrame to install trackers...
Logged

It is now believed, that after having lived in one compound with 3 wives and never leaving the house for 5 years, Bin Laden called the U.S. Navy Seals himself.
cdc
Expert
****
Offline Offline

Posts: 105


View Profile
« Reply #4 on: October 16, 2009, 09:07:14 AM »

I've had the same issue and getting your P3P headers correct will fix it.
Logged

Will code for food.
DangerMouse
Expert
****
Offline Offline

Posts: 244



View Profile
« Reply #5 on: October 16, 2009, 02:13:09 PM »

Isn't there a setting in IE to only accept cookies from the originating domain? I know FF and Safari have that as well... I believe the privacy part is to protect YOU from spammers like um, people I've heard of, that would use a dynamically created iFrame to install trackers...

Yeah definately, the issue in this case though is that as I'm deadling with an iframe, technically the cookies are 1st party, and set and read by the originating domain (or so I believe), but IE still considers it to be "3rd party" content just because its in an iframe.

I've had the same issue and getting your P3P headers correct will fix it.

Thanks cdc - I'd hoped this would be the case. Seems really stupid though considering it doesn't seem that hard to set the correct P3P header - although you're agreeing to legal T&Cs from a technical perspective you can just use a generic privacy header and apparently it works.

DM
Logged
Pages: [1]
  Print  
 
Jump to:  

Perkiset's Place Home   Best of The Cache   phpMyIDE: MySQL Stored Procedures, Functions & Triggers
Politics @ Perkiset's   Pinkhat's Perspective   
cache
mart
coder
programmers
ajax
php
javascript
Powered by MySQL Powered by PHP Powered by SMF 1.1.2 | SMF © 2006-2007, Simple Machines LLC
Seo4Smf v0.2 © Webmaster's Talks


Valid XHTML 1.0! Valid CSS!