This is an interesting issue. I am said to introduce a feature in my existing application. The application must takes user consent before writing a Cookie on user system. (It is implicit that my application writes few cookies on the user system).
So the design is such that all the request to the application is intercepted, for each request the we check if there is a flag which asks the application to write cookie (this flag is sent from a special page call it IP) or it checks for a special cookie say Consent cookie on the user's machine.
Now if the application does not see a consent Cookie on user's machine it redirects the user to IP with its URL. On the IP there is a Accept Cookie button. If user accepts cookie an ajax request goes to the server where the code detects the flag to write cookie and writes the cookie on the user's browser.
I can see the code to write cookie is executed, the expected behavious after this is to process the request in normal fashion. But unfortunately it redirects it back to the IP.
I have a strong feeling that the Cookies are dropped by some of the browsers. Please suggest what might be wrong here. Please also let me know how to check on my browser that it is dropping the Cookies.
I also feel that it has something to do with P3P headers. Please help.
There can be two things:
In case 1: You need to add the P3P header into the response. Please check http://viralpatel.net/blogs/2008/12/how-to-set-third-party-cookies-with-iframe.html
In case 2: It might be possible that few of the browsers like recent version of Mozilla Firefox(12) caches the response status if it is a re-direct. By default redirect is a permanent redirect i.e. status code 302. In this case the IP will keep redirecting to itself in Mozilla.
Solution: You need to use a temporary redirectin i.e. status code 307.