Accessing Domain Cookies within an iFrame on Internet Explorer

Question

My domain (let's call it www.example.com) creates a cookie. On another site (let's say, www.myspace.com), my domain is loaded within an iFrame.

On every browser (Firefox, Opera, Camino, Safari, etc...) except for Internet Explorer, I can access my own cookie. In IE, it doesn't give me access to the cookie from within the iFrame.

Is there a way to get around this?

Really, this makes no sense because the site trying to access the cookie is www.example.com and the cookie is owned by www.example.com. But for some reason, IE thinks the iFrame makes them unrelated.

Answer 1

Internet Explorer's default privacy setting means that 3rd-party cookies (e.g. those in iframes) are treated differently to 1st party cookies. (by default, 3rd party cookies are silently rejected).

For IE6 to accept cookies in an iframe, you need to ensure your site is delivering a P3P compact header.

See http://msdn.microsoft.com/en-us/library/ms537343.aspx for more.

Answer 2

In PHP: header ( "p3p:CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"");

Answer 3

That sounds like a privacy setting issue to me. Either increase your security settings in IE (which you won't be able to convince your users to do), or take another approach.