TechQA.

IE9 Separate cookies for third party request

525 views Asked by At

Even though my P3P headers are correct, IE9 seems to hold a separate list for third party requests.

I've added the following P3P

header('P3P:CP="NOI DSP COR CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT", policyref="http://domain/w3c/p3p.xml"')

Of course with domain properly set. It's created by the IBM tool. Next to that I've created the p3p xml file and tested it with p3p validation.

Once I call a test file stating nothing more then

    <?php

    header ('P3P:CP="NOI DSP COR CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT", policyref="http://padrichem.ds1.nl.dev/w3c/p3p.xml"');

    session_start();

    var_dump($_COOKIE);

It says $_COOKIE is empty, refresh and it says $_COOKIE[PHPSESSID] = 'id'

Now I call the same file from a remote location within an iframe it says $_COOKIE is empty, refresh and it says $_COOKIE[PHPSESSID] = 'DIFFERENT id'

When I disable protected mode this isn't the case. Yet it also isn't the case on all domains.

On the harddrive I can only find the cookies set by the iFrame (third-party) call.

Does anyone have any idea why this would occur?

cookies internet-explorer-9 php-5.3 p3p
Original Q&A
1

There are 1 answers

0
Wizact On

You issue is most probably because of how IE treats cookies in cross-zone scenarios:

Refer to the followings:

IE9 - asp.net cannot access cookie created for my domain by third party site
Beware Cookie Sharing in Cross-Zone Scenarios

Related Questions in COOKIES

Related Questions in INTERNET-EXPLORER-9

Related Questions in PHP-5.3

Related Questions in P3P

Popular Questions

Popular Tags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json python-3.x ruby-on-rails .net sql-server swift django angular objective-c pandas excel

Trending Questions