I got a call today about one of my applications not running correctly from inside an iFrame. I tried it out and it looked like everything worked great in Safari and Firefox but not IE6 or IE7. It took me a few failed attempts to fix it before I decided it must be a session problem. After firing up a packet sniffer it became obvious the cookie with the session ID was not being passed.
The problem lies with a W3C standard called Platform for Privacy Preferences or P3P for short. You can read all about the boring stuff via the link or else just install the P3P Compact Policy header below. This will allow Internet Explorer to accept your third-party cookie. You will need to send the header on every page that sets a cookie.
PHP:
header('P3P:CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"');
ASP.NET:
HttpContext.Current.Response.AddHeader("p3p","CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"");
Django:
response = render_to_response('mytemplate.html') response["P3P"] = 'CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"'
JSP:
response.addHeader("P3P","CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"")
Comments
Anonymous (not verified)
Fri, 06/11/2010 - 12:13
Permalink
Many, many thanks!
Saved me from a huge headache.
Anonymous (not verified)
Sat, 02/26/2011 - 19:08
Permalink
what
It's not like you really deserve that many thank yous..must be a fake ego thing..
Anonymous (not verified)
Sun, 06/20/2010 - 08:07
Permalink
Thank You
Thanks Adam , It saved the Day
Anonymous (not verified)
Wed, 06/23/2010 - 22:29
Permalink
Phenomenal!
This is great work!
Anonymous (not verified)
Fri, 06/25/2010 - 19:16
Permalink
In aspx Probem
Respected,
I have a page aspx with an internal iframe that should receive pages called by menu of the type:
The iframe is .
In the firefox and chrome it perfectly works. And in IE8 it doesn't work, the page opens in another window.
It includes the directing HttpContext.Current.Response.AddHeader("p3p","CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"");
in the load aspx-cs and it continues not working in IE.
I request help for that problem. Adim.
Anonymous (not verified)
Fri, 06/25/2010 - 19:27
Permalink
Complement
Respected,
In complement previus msg:
Menu:
Iframe:
Thanks! Adim
Anonymous (not verified)
Sat, 06/26/2010 - 13:38
Permalink
Working Perfectly
Thanks Adam,
I applied your solution and it worked perfectly. You really saved me
Appreciated,
Ma'en
Anonymous (not verified)
Tue, 06/29/2010 - 18:12
Permalink
Adam: I would like to add to
Adam:
I would like to add to the chorus of praise. I'm sure you saved me HOURS of work, and I will take all the credit at my workplace :).
Thanks again.
Anonymous (not verified)
Tue, 06/29/2010 - 19:07
Permalink
WHOA!
D00d, seriously! I would have never EVER fingered that one out on my own! MANY MANY thanks! Buy a beer on me!
-Dan
Anonymous (not verified)
Fri, 07/02/2010 - 06:12
Permalink
Thanks a lot! It fixed my
Thanks a lot! It fixed my problem! :)
Anonymous (not verified)
Wed, 08/18/2010 - 06:02
Permalink
Request
Hi, I am gettin same problem in asp.net, my frame is not saving the cookies. Can you send me the code how i can fix this problem on my Email ID please...
My Email ID :
Anonymous (not verified)
Tue, 08/17/2010 - 14:36
Permalink
P3P Header in java
Hi,
I am setting up P3P header in the response by setting up filter on java side. But some how its not setting up the P3P header. What should i do. The filter code looks like below
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
throws IOException, ServletException {
HttpServletResponse httpResponse = (HttpServletResponse) response;
httpResponse.setHeader("P3P",
"CP=\"ALL DSP COR CURa ADMa DEVa TAIa OUR IND UNI COM NAV INT CNT\"");
chain.doFilter(request, httpResponse);
}
Is there any other way to setup P3P header in java
Anonymous (not verified)
Wed, 08/18/2010 - 06:00
Permalink
Request
Hi, I am gettin same problem in asp.net, my frame is not saving the cookies. Can you send me the code how i can fix this problem on my Email ID please...
My Email ID :
Anonymous (not verified)
Tue, 08/31/2010 - 08:36
Permalink
On which side
Should the header function (I code php) be included on the page containing the IFrame or the page that's supposed to show inside the IFrame?
Anonymous (not verified)
Mon, 09/06/2010 - 11:16
Permalink
Thank you!!!
Wow,
thank you very much!!!!!!!!!!!!!
It was the solution to my problem!!
Anonymous (not verified)
Mon, 09/06/2010 - 15:32
Permalink
Thanks a lot man!
Thanks a lot man!
Anonymous (not verified)
Thu, 03/24/2011 - 05:05
Permalink
Great works
love it, i was looking for way to solve the problem for our Perfume Story project. This helps a lot.
Anonymous (not verified)
Thu, 09/09/2010 - 06:13
Permalink
Internet Information Services (IIS) v6
I've just spent several hours looking into this and getting no where. Especially when Firefox and Chrome were working correctly and it was only IE that had this trouble.
Thanks for the info Adam.
If you are using MS technology for your website and you have access to IIS you can get IIS to output the header on every page without having to touch the code.
1. From within IIS bring up the properties for the site in question.
2. Click on the HTTP Headers tab
3. Click the Add button
4. In the custom header name enter:
P3P
6. In the custom header value enter:
CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
7. Click OK then OK and your good to go. You don't even need to restart IIS.
Anonymous (not verified)
Wed, 09/22/2010 - 13:41
Permalink
Thanks a lot!
oh! You are the man!! You just save my live!
Thanks a lot!
Walter.
Anonymous (not verified)
Thu, 03/17/2011 - 01:32
Permalink
Great information you got
Great information you got here. I've been reading about this topic for one week now for my papers in school and thank God I found it here in your blog. I had a great time reading this
Anonymous (not verified)
Wed, 12/08/2010 - 17:52
Permalink
Just What I Needed
The procedure is basically the same in IIS7. This was exactly what I needed, I'm glad I went to Google early on this issue.
Anonymous (not verified)
Mon, 09/13/2010 - 06:38
Permalink
thanks!!! You save many
thanks!!! You save many hours of my live!!!
resar87
Mon, 09/13/2010 - 11:52
Permalink
Cookie management not working for IE8
I have developed one application to check whether browser enables cookie or not, it is running perfectly for google crome and
firefox but not for IE8. In internet explorer 8 it is showing cookie is enabled though cookie is being blocked manually.
Please help.
Anonymous (not verified)
Mon, 09/20/2010 - 09:17
Permalink
Thanks a lot
You're a life saver. Thanks a lot!
P.S. IE sucks
Anonymous (not verified)
Mon, 09/20/2010 - 22:28
Permalink
You're the man!
Thanks a lot!
Anonymous (not verified)
Wed, 09/22/2010 - 10:13
Permalink
Thank u very much, you are
Thank u very much, you are the best (y)
Anonymous (not verified)
Tue, 09/28/2010 - 05:37
Permalink
IE blocking iFrame page load
Hi Adam,
I am stuck with a similar issue like this. But here I dont have any cookies set.
I have a jsp, where I use a custom tag for tabs and each tab has its own iFrame loading the contents.
In the first tab/iframe i load a flash object and on the second one it is jsp page, with a table, but the table data is populated from the session bean using another custom tag.
This works fine in mozilla, but not in IE. In IE the table header shows like it is showing data 1-1 of page 1, but the thing is it is not populated. i could see the view source with the data, but the rendering is not happening in IE.. But if i swap the tabs it would populate the data correctly, as now the jsp with table is first tab and it is the default. I tried putting your fix in my original jsp which is having the two tabs and frames defined. But it is still not helping.. Any idea what would be wrong here with rendering on ie with iframes
Thanks in advance
Sarah
Anonymous (not verified)
Thu, 10/14/2010 - 05:20
Permalink
THANKS A LOT!!!!
THANKS A LOT for your help!
An unbelievable solution for a strange MS problem!
MK
Anonymous (not verified)
Wed, 10/20/2010 - 03:58
Permalink
yeah!
My reaction is like all the other comments,.
Thanks for posting! It's a life saver!
Anonymous (not verified)
Thu, 10/28/2010 - 10:03
Permalink
Thanks
Wow. You stopped IE from giving me a headache this morning. Thank you.
Anonymous (not verified)
Mon, 11/22/2010 - 03:06
Permalink
unsecure
its very unsecure to send session-cookies in iframes.
example:
- your website allow to delete the account via an link in the members-area to http://foo.bar/cancel.php
- your customer is in log in-status on your site and "forgot" to log out.
- then your customer brows to http://bad_infected_site.com with an iframe to http://foo.bar/cancel.php
- the result: the account is deleted because the user is still logged in.
so be careful disabling this security option.
Anonymous (not verified)
Wed, 02/02/2011 - 22:22
Permalink
And without iframes too
You can do the same without cookies in iframes, by just redirecting the user to a normal page. (Admittedly, with iframes you can keep your actions secret.)
Modified example:
- your website allow to delete the account via an link in the members-area to http://foo.bar/cancel.php
- your customer is in log in-status on your site and "forgot" to log out.
* then your customer browses to http://bad_infected_site.com
* http://bad_infected_site.com redirects the user to http://foo.bar/cancel.php
- the result: the account is deleted because the user is still logged in.
Anonymous (not verified)
Sat, 11/27/2010 - 04:37
Permalink
My IE just closes after I
My IE just closes after I have been opening some specific websites do you happen to know about this issue?
Ruby,
cheap">http://www.van-insurance-cheap.co.uk/">cheap van insurance
Anonymous (not verified)
Mon, 03/07/2011 - 16:04
Permalink
Re: My IE just closes after I
Ruby,
It could be a script installed on your pc without you knowing. Your best bet would be to clear your browser cache and then reboot your system once again. That should sort it out.
Thomas Banks
Anonymous (not verified)
Mon, 11/29/2010 - 15:53
Permalink
Meaning of the policy
Does it have to be the compact policy you illustrate here, and if so, why? What is it about this compact policy that allows it to work? I have a security policy I am using but it currently will not work.
CP="CAO DSP CURa ADMa DEVa TAIa PSAa PSDa CONo OUR DELa BUS IND PHY ONL UNI COM NAV STA LOC"
Anonymous (not verified)
Tue, 11/30/2010 - 08:16
Permalink
Fixed it
The type of compact policy wasn't issue but that the policy I was putting into the header had TST at the end which indicates it is a test policy and IE does not honor that.
Sorry for the confusion.
Anonymous (not verified)
Wed, 01/26/2011 - 11:29
Permalink
I am very enjoyed for this
I am very enjoyed for this blog. Its an informative topic. It help me very much to solve some problems. Its opportunity are so fantastic and working style so speedy. I think it may be help all of you. Thanks a lot for enjoying this beauty blog with me. I am appreciating it very much! Looking forward to another great blog. Good luck to the author! all the best!
Anonymous (not verified)
Wed, 02/16/2011 - 12:22
Permalink
Looks like you are a
Looks like you are a specialist on this because you just made it so easy to be with you, motivated me to learn more on the subject! May I ask you, do you devote a lot of effort to it because you seem to be so in tune with http://fridaymoviez.com/celebrity/shahrukh-khan/56070" rel="follow">Shahrukh Khan
Anonymous (not verified)
Mon, 12/06/2010 - 11:46
Permalink
This is a really good read
This is a really good read for me. Must agree that you are one of the coolest blogger I ever saw. Thanks for posting this useful information. This was just what I was on looking for. I’ll come back to this blog for sure! I bookmarked this blog a while ago because of the useful content and I am never being disappointed. Keep up the good work
Regards,
Anonymous (not verified)
Thu, 12/09/2010 - 23:35
Permalink
you rock
Thanks so much for this post. I would give you my last bud-light absolutely.
-John
Anonymous (not verified)
Tue, 03/29/2011 - 11:50
Permalink
Re:
Ha. this comment made me laugh. I am drinking a bud light myself
Anonymous (not verified)
Fri, 12/10/2010 - 20:01
Permalink
So informative!
This is the exact way that people expecting we can see most of the comments are true and towards the positive opinion..This is the exact way that people expecting we can see most of the comments are true and towards the positive opinion..
simulateur">http://placementargent.org/placement-financier/">simulateur de placement financier
Anonymous (not verified)
Tue, 12/14/2010 - 12:13
Permalink
Thanks Alot Adam You Saved Me!!!!! THAT WAS GREAT!
Thank you Adam Its working really good now.
I can not stop my self saying Thanks & Thanks & Thanks!!!!!!!!!!! to youu................!
Anonymous (not verified)
Wed, 12/15/2010 - 02:00
Permalink
Thanks
Thanka a lot..u save my lots of time..thanks again.. :D
Anonymous (not verified)
Wed, 12/15/2010 - 22:50
Permalink
awesome
thanks, you saved my life. i spent two weeks of work to find why my script dont work and this helps me within one minute. thank you very much
Anonymous (not verified)
Thu, 12/23/2010 - 19:05
Permalink
Tnks!!! Tnks!!! Tnks!!!
Tnks!!! Tnks!!! Tnks!!!
Anonymous (not verified)
Thu, 12/23/2010 - 19:11
Permalink
Eureka!
thanks a lot!!! :)
Anonymous (not verified)
Fri, 12/24/2010 - 10:38
Permalink
MORE INFO
It seems to work also writing something else, like:
header('P3P:CP=" merry christmas "');
the important is to send the header :D
bye!
Anonymous (not verified)
Thu, 01/13/2011 - 21:53
Permalink
thank you very much, thanks
thank you very much, thanks again and again.
Anonymous (not verified)
Sat, 02/05/2011 - 11:56
Permalink
You are my hero :)
Thank you very much. The information is really appreciated. You made my day. :D I have been searching this for a while...
Pages