[thelist] ( and ifram ) php as a solution
mail at hemisfera.es
Mon Mar 29 02:57:12 CDT 2010
BTW -- is an iframe the only solution to embed the site in a page with IE?
I know <object> works with other browsers. >>
I've suffered many troubles with I-frames use, but i'm solving them working
with such simple "php includes"...
Joan Olivé i Mallafrè
----- Original Message -----
From: "Bill Moseley" <moseley at hank.org>
To: <thelist at lists.evolt.org>
Sent: Monday, March 29, 2010 3:53 AM
Subject: [thelist] P3P, thrid-party cookies, and iframes
>I have partner site that wishes to embed my site inside an iframe. The
> problem is my site requires cookies (have to log into my site) and IE's
> default setting does not allow third-party cookies.
> As a result we have added session ids to all links and accept a session id
> in the query parameters. I'm not a fan of doing this for security
> Too easy to copy-n-paste URLs or bookmark URLs with the session id that
> not valid very long.
> Anyone have a solution for this? That is, get IE to accept the
> I've added P3P headers to my responses. I've tried these two, which were
> examples on sites about this issue:
> CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
> CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"
> But, IE still does not set or return the cookies. If I set the privacy
> setting to "Low" then cookies are allowed and the iframe'd site works.
> I also tried adding the /w3c/p3p.xml to point to our privacy.xml page.
> indeed when I click on "Summary" for the page in IE's Privacy Report IE
> the two XML files and display the privacy summary. (On that page I have
> My guess is my policy.xml file is not setup correctly to allow the
> but on the other hand I don't see IE request those files unless that
> "Summary" policy report is requested. So, maybe it's just the P3P header
> that isn't correct.
> Anyone got this working?
> BTW -- is an iframe the only solution to embed the site in a page with IE?
> I know <object> works with other browsers.
>  Another issue with this is we have had problems where users will have
> multiple windows open resulting in different session ids -- then things
> in-validating a session id since they pass the session ID in the url,
> resulting in logging the user out in the other window by replacing the
> session id in the cookies.
> Bill Moseley
> moseley at hank.org
> * * Please support the community that supports you. * *
> For unsubscribe and other options, including the Tip Harvester
> and archives of thelist go to: http://lists.evolt.org
> Workers of the Web, evolt !
More information about the thelist