[thelist] ( and ifram ) php as a solution

hemisfera.es mail at hemisfera.es
Mon Mar 29 02:57:12 CDT 2010


<<
BTW -- is an iframe the only solution to embed the site in a page with IE?
 I know <object> works with other browsers.  >>

Good day,

I've suffered many troubles with I-frames use, but i'm solving them working 
with such simple "php includes"...

regards
Joan Olivé i Mallafrè
www.hemisfera.es

----- Original Message ----- 
From: "Bill Moseley" <moseley at hank.org>
To: <thelist at lists.evolt.org>
Sent: Monday, March 29, 2010 3:53 AM
Subject: [thelist] P3P, thrid-party cookies, and iframes


>I have partner site that wishes to embed my site inside an iframe.  The
> problem is my site requires cookies (have to log into my site) and IE's
> default setting does not allow third-party cookies.
>
> As a result we have added session ids to all links and accept a session id
> in the query parameters.  I'm not a fan of doing this for security 
> reasons.
> Too easy to copy-n-paste URLs or bookmark URLs with the session id that 
> are
> not valid very long[1].
>
> Anyone have a solution for this?  That is, get IE to accept the 
> third-party
> cookies?
>
> I've added P3P headers to my responses.  I've tried these two, which were
> examples on sites about this issue:
>
> CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
> CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"
>
> But, IE still does not set or return the cookies.  If I set the privacy
> setting to "Low" then cookies are allowed and the iframe'd site works.
>
> I also tried adding the /w3c/p3p.xml to point to our privacy.xml page. 
> And
> indeed when I click on "Summary" for the page in IE's Privacy Report IE 
> will
> fetch
> the two XML files and display the privacy summary.  (On that page I have 
> the
> default "Compare cookies' Privacy Policy to my settings" checked.
>
> My guess is my policy.xml file is not setup correctly to allow the 
> cookies,
> but on the other hand I don't see IE request those files unless that
> "Summary" policy report is requested.  So, maybe it's just the P3P header
> that isn't correct.
>
> Anyone got this working?
>
> BTW -- is an iframe the only solution to embed the site in a page with IE?
> I know <object> works with other browsers.
>
>
>
> [1] Another issue with this is we have had problems where users will have
> multiple windows open resulting in different session ids -- then things 
> like
> javascript "Your session is about to time out!" timers can result in
> in-validating a session id since they pass the session ID in the url,
> resulting in logging the user out in the other window by replacing the
> session id in the cookies.
>
>
> -- 
> Bill Moseley
> moseley at hank.org
> -- 
>
> * * Please support the community that supports you.  * *
> http://evolt.org/help_support_evolt/
>
> For unsubscribe and other options, including the Tip Harvester
> and archives of thelist go to: http://lists.evolt.org
> Workers of the Web, evolt ! 



More information about the thelist mailing list