Fix IE Blocking iFrame Cookies Problem

By | January 24, 2010

For security reason, Internet Explorer block the cookie manipulation of a page when the page is inside an iframe. This is really ridiculous because the two frames are totally two different sites and the security policy has already block the dom operation between the two frames. Why block the cookie operation inside the iframe itself? Other browsers don’t have such issue. So, IE really really sucks.

But the major users are using the f**king, so we have to face the problem.

Here’s my steps( I assume we have two sites www.testaccor.com and www.testcomptanoo.com) to resolve this issue by creating a policy for IE:

1. Download the IBM Privacy Policy Editor fromhttp://www.alphaworks.ibm.com/tech/p3peditor (I also set it in the sample package)

2. Create a folder “w3c” in testcomptanoo.com root.

3. Open the editor, select “Create a policy from a template”, and click “OK”.

image

4. Select the template “Access logging & user tracking”, and “OK”

image

5. Here’s the policy file we have.

image

6. Save the policy file to “w3c” folder as “privacy_policy.p3p”

image

7. Choose “File” -> “Save Compact Policy As…”, save the compacted policy to a text file, we say “privacy_policy.txt”, we’ll use its content as http header later.

8. Also in “w3c” folder, create a p3p.xml file, we’ll set this file path in the http header, p3p.xml content:

image

9. This time I use a aspx file to add an http header, so I change the comptanoo.html to comptanoo.aspx.

image

10. In the comptanoo.aspx, I set a header:

image

11. Run the http://www.testaccor.com/accor.html again, we can find that we CAN set/get cookie now in Comptanoo.aspx

image

12. If we remove the header, cookies will be blocked again:

image

I attached all the files; also the IBM Privacy Policy Editor is enclosed. Please download here:http://www.jinweijie.com/download/iframe_cookie_issue_in_ie_p3p.zip