Problem:
I have a site made with PHP which uses server-side sessions. I used iframes to embed the pages in other websites. When using Internet Explorer with the default privacy setting, Medium, I am not able to create a session because the cookie is not accepted by Internet Explorer.
When the frame has been created by one server and the child frame then loads content from a second server, Internet Explorer treats all cookies from the second server (in the child frame) as third-party cookies. Under the Medium privacy level, cookies from the second server are not allowed because Internet Explorer blocks third-party cookies that do not have a compact privacy policy. To fix this problem, a compact privacy policy must be added to the headers sent to the client before any attempt is made to create a cookie.
Solution:
The problem occurred due to the absence of a valid privacy policy (P3P). To include one, we can add a header to the child pages inside the iframes,
e.g.: header('P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"');
The tokens in the CP value will vary according to the site's privacy policy.
Some useful references below:
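The fix described above, written out as a child page that runs inside the iframe. This is an added example, not code from the original post; the file name framed.php, the function start_framed_session() and the hit counter are assumptions made for illustration.

```php
<?php
// Added example: child page loaded inside the iframe (hypothetical name: framed.php).

// Token string taken from the post; replace it with tokens that match
// the privacy policy your site actually publishes.
const COMPACT_POLICY = 'IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT';

/**
 * Send the P3P compact policy, then start the session.
 * Returns false if the header can no longer be sent or the session fails to start.
 */
function start_framed_session(string $compactPolicy): bool
{
    // Once any output (even whitespace or a BOM before "<?php") has gone out,
    // neither the P3P header nor the session cookie can be added.
    if (headers_sent($file, $line)) {
        error_log("P3P header not sent: output started at $file:$line");
        return false;
    }

    // Sent before session_start() so it travels in the same response
    // as the Set-Cookie header that session_start() emits.
    header('P3P: CP="' . $compactPolicy . '"');

    return session_start();
}

if (!start_framed_session(COMPACT_POLICY)) {
    http_response_code(500);
    exit('Session could not be started.');
}

// Visible check: the counter only increases across reloads of the iframe
// if the browser accepted the session cookie and sent it back.
$_SESSION['hits'] = ($_SESSION['hits'] ?? 0) + 1;
echo 'Requests in this session: ' . (int) $_SESSION['hits'];
```

If the counter stays at 1 on every reload of the embedding page, the cookie is still being rejected; check the response headers of the framed page for the P3P line.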
P3P details
p3p policy editor from IBM
references