P3P: The answer to IE7 Iframe cookies problem

Problem:

I have a website where users log in at http://example.com.
I have an iframe that embeds pages from example.com on http://mysite.com.
IE7 Won’t retain the cookie (i.e. it keeps asking me to log in in the iframe)!

Workarounds:

1. Have your IE7 users set Internet Options >> Privacy >> Advanced >> Check “Override Automatic Cookie Handling” and “Always allow session cookies”

This is not so good because it is inconvenient most times to have all of your users make this change.

2. Use a P3P header. IE7 will allow the cookies as long as your site appears to have a privacy policy (using the W3C standard). Send this header just after session_start(); in PHP:


session_start();	// start the session
header('P3P: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"'); 

For more on P3P see:

http://www.sitepoint.com/article/p3p-cookies-ie6/2/

For more on the IE7 Bug (or rather annoyance!!) see:

http://aspnetresources.com/blog/frames_webforms_and_rejected_cookies.aspx

2 thoughts on “P3P: The answer to IE7 Iframe cookies problem”

  1. Hi,

    Where to write the p3p header ? in the page where frameset is declared ? or in the external website inside the frame ?

    Thanx,

    Franck

Comments are closed.