Fix IE Blocking iFrame Cookies Problem

by Weijie JIN on

For security reason, Internet Explorer block the cookie manipulation of a page when the page is inside an iframe. This is really ridiculous because the two frames are totally two different sites and the security policy has already block the dom operation between the two frames. Why block the cookie operation inside the iframe itself? Other browsers don’t have such issue. So, IE really really sucks.

But the major users are using the f**king, so we have to face the problem.

Here’s my steps( I assume we have two sites www.testaccor.com and www.testcomptanoo.com) to resolve this issue by creating a policy for IE:

1. Download the IBM Privacy Policy Editor fromhttp://www.alphaworks.ibm.com/tech/p3peditor (I also set it in the sample package)

2. Create a folder “w3c” in testcomptanoo.com root.

3. Open the editor, select “Create a policy from a template”, and click “OK”.

image

4. Select the template “Access logging & user tracking”, and “OK”

image

5. Here’s the policy file we have.

image

6. Save the policy file to “w3c” folder as “privacy_policy.p3p”

image

7. Choose “File” -> “Save Compact Policy As…”, save the compacted policy to a text file, we say “privacy_policy.txt”, we’ll use its content as http header later.

8. Also in “w3c” folder, create a p3p.xml file, we’ll set this file path in the http header, p3p.xml content:

image

9. This time I use a aspx file to add an http header, so I change the comptanoo.html to comptanoo.aspx.

image

10. In the comptanoo.aspx, I set a header:

image

11. Run the http://www.testaccor.com/accor.html again, we can find that we CAN set/get cookie now in Comptanoo.aspx

image

12. If we remove the header, cookies will be blocked again:

image

I attached all the files; also the IBM Privacy Policy Editor is enclosed. Please download here:http://www.jinweijie.com/download/iframe_cookie_issue_in_ie_p3p.zip

  • http://www.meaningfulhealthcare.com mike moseley

    Jin,

    Hope that you are doing well. Thank you for the great cookie/policy information. What if one cannot place the required file in the ‘root directory?’ We are working with a Google Site, and it appears that the policy is being dropped or redirected via Internet Explorer. The result is desired content in an iFrame is not being displayed. Do you have any thoughts about how to resolve this?

    Thank you,

    Mike

  • http://jinweijie.myopenid.com/ jinweijie

    Hi Mike,

    Sorry, but as far as I know, you have to have the root directory privilege to do that.

    Weijie

  • http://www.tellavista.com Nadav

    Hi Weijie

    The link for the IBM policy editor seems not to work.

    Do you have an up-to-date link?

    Thanks you

    Nadav

  • http://jinweijie.myopenid.com/ jinweijie

    Sorry, I don’t have…

  • http://www.provotesolutions.com Flavio

    Hi,
    I trying to solve the Cookies issue with IE.
    I have a site with http://www.provotesolutions.com. That has a Iframe tag linking to http://www.myvoteinfo.com/newmvi/account/login.
    I did all steps your excellent tutorial, but i still have the same problem when I send login and pw to the second site.
    If you can Please respond to my e-mail: fsampaio18@gmail.com
    this way I can send some code and oder informations.
    Regards,
    Flavio Sampaio

  • http://jinweijie.myopenid.com/ jinweijie

    Hi Flavio,

    Have you run the sample successfully in the download link?

    Thanks.

    Weijie

Previous post:

Next post: