How to set third-party cookies with iframe

      

How to set third-party cookies with iframe?

I had problem with the lead base ad click tracking. I was using the iFrame to track the lead information from the advertiser site. But somehow IE is not sending any cookie information from there. Infect firefox also doesn’t send any cookie information for the first request (i.e. when the iFrame src page is called) but if you call any page from the main file (i.e. specified in the source for iFrame like image or script src), I get the cookies.

What are third-party cookies?

If you put your code on other website using iFrame which calls pages from your site, then the cookies groups are called third party cookies (as both the domains, main page source and iFrame source, are different). Other examples of third party cookies are images or other objects contained in a Web page may reside in servers different from the one holding the page. In order to show such a page, the browser downloads all these objects, possibly receiving cookies. These cookies are called third-party cookies if the server sending them is located outside the domain of the Web page.

Some browsers allow third party cookies and in some browsers, like Internet Explorer, it depends on the privacy settings of the browser. In IE6 (Internet Explorer 6) with the default privacy setting of ‘Medium’, third party cookies will be deleted.

As it turns out, there is a simple solution. If you supply a ‘compact privacy policy’ with your page, then IE will treat the cookies with respect and let them through.

The code

Just add this to the start of your page (every page where cookies will be written):

How to set p3p http header in ASP.Net?

HttpContext.Current.Response.AddHeader("p3p", "CP=\""IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\""")

How to set p3p http header in PHP?

header('P3P:CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"');

How to set p3p http header in JSP?

response.setHeader("P3P","CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'")

How to set p3p http header in ColdFusion?

<cfheader name="P3P" value="CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'" />

The above code will set P3P (Platform for Privacy Preferences Project) header. It allows the browser (specially Internet Explorer) to through all the third-party cookies (which may be set through iFrame).


Facebook  Twitter      Stumbleupon  Delicious
  

26 Comments on “How to set third-party cookies with iframe”

  • senthil wrote on 2 January, 2009, 15:39

    how to delete the third-party cookies, when i using p3p cookies?

  • murali wrote on 5 January, 2009, 17:46

    hi viral,
    Ur blog is quiet interesting….. Today i spend more time in ur blog…. Make it quiet more active dude…. have in touch thro’ my mail id….

  • Viral wrote on 5 January, 2009, 18:17

    Thanks Murali for the comments…
    And do visit again.. you may find more interesting things on this.

  • Nebu wrote on 15 January, 2009, 21:45

    This exactly solves my problem thanks

  • jorge wrote on 20 January, 2009, 12:26

    Or, you can do this in .htaccess file on APACHE:

    Header set P3P “policyref=\”/w3c/p3p.xml\”, CP=\”IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\”"

  • Brian wrote on 1 April, 2009, 20:08

    Is this all that I have to do? Just set the P3P in the header? Do I have to create an /w3c/p3p.xml document as well? Anything else? Thanks

  • Gaurav wrote on 4 April, 2009, 12:09

    Hello Brian, Just set the P3P header with the said values and it will do the rest :)

  • Alfredo Uribe wrote on 16 April, 2009, 21:01

    Hey, it was just what i needed! thanks a lot.

  • Jeremy wrote on 5 May, 2009, 21:00

    Works for IE, but not Safari. How do you solve the problem for Safari?

  • Dan wrote on 7 May, 2009, 3:55

    I’m trying this with a Drupal powered site, in particular on this page http://www.clubtalk.co.uk/online-billing

    I’ve tried adding the PHP code into one of the theme files but it doesn’t seem to work. Anyone know what to do when it comes to Drupal and themes?

  • thierry wrote on 16 May, 2009, 7:53

    hi, looks great, but what is the code for asp (not .net)?

    I have an asp container page calling a php page in an iframe.

    I have placed this in the asp CONTAINER page:

    I have placed this in the php FRAMED page:

    And I am still blocked on IE7

    thanks for helping…

  • thierry wrote on 16 May, 2009, 7:54

    my code was removed so I am pasting again

    hi, looks great, but what is the code for asp (not .net)?

    I have an asp container page calling a php page in an iframe.

    I have placed this in the asp CONTAINER page:
    Response.AddHeader “P3P”,”CP=”"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT”"”

    I have placed this in the php FRAMED page:
    header(‘P3P:CP=”IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT”‘);

    And I am still blocked on IE7

    thanks for helping…

  • Ross wrote on 26 May, 2009, 16:38

    Heya!

    Thanks for this. Saved my life.

    Just one thing: the code for ASP.NET is incorrect. You have too many double quotes. It should be:

    HttpContext.Current.Response.AddHeader(“p3p”, “CP=\”IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\”");

    Thanks again,

    Ross

  • Seph wrote on 9 June, 2009, 16:38

    Hey Gaurav

    Thank you for this post – it saved me quite some time. Apparently just implementing W3\’s p3p policy files isn\’t enough, these magic headers are needed to enable third party cookies in IE. Safari 4 and FF 3 seems to work without issues both before and after this.

    Regards
    Seph

  • Alonso wrote on 1 August, 2009, 5:38

    doesnt work for me….
    i had this code right in the top of my page.

    response.setHeader(“P3P”, “CP=\”IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\”");

    in a file named p3p.jsp

    so in another page i do this

    <%@ include file=\"/common/p3p.jsp\" %>

    <html>
    .
    .
    .
    </html>

    i have this code in all the pages that goes inside of an iframe of other domain.
    Do i need to put the same code in the the pages that includes the iframe content.

    what does IDC, DSP, COR, ADM, ….. mean ?

    Im using spring framework , should i put the code in the controller before returning the view ?

    im meaning this…..

    response.setHeader(\"P3P\", \"….\");
    return new ModelAndView(\"thepage\", map);

    thanks id advance….

  • Alonso wrote on 4 August, 2009, 4:11

    Its done.

    I already got it working.

    i just put.

    reponse.addHeader(\"P3P\", \"CP=\"\\\" IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA \\\"\");
    before returning the view. instead of putting this alone in a jsp file.

    thank you

  • Jimmy wrote on 24 September, 2009, 13:54

    This does not work with Firefox 3.5.3 (didnt try any other version) when disabling 3rd party cookies via about:config and changing network.cookie.cookieBehavior value to 1.

    /Jimmy

  • Greg wrote on 6 October, 2009, 12:39

    You can’t just set the headers anymore (for IE8 anyways).
    You have to have a valid p3p.xml file in place that is referenced from the header.
    There are also a few new ‘gotchas’ that can cause cookies to be blocked.

    It used to be quite easy to overcome the cookie blocking problem (using basic headers) but updated browsers are getting tighter and tighter with the whole privacy thing.

    Easiest p3p.xml generator I’ve found (and used ) is http://p3pwiz.com

    Greg

  • sohbet wrote on 18 November, 2009, 22:23

    thank you for this article …

  • Viral Patel wrote on 18 November, 2009, 22:55

    @sohbet: you welcome.
    Feel free to share/bookmark the article :)

  • Jack wrote on 30 November, 2009, 19:47

    Hi, this did not work for me. Can you please take a look:

    http://www.koty.org.pl/test_cookie_iframe.html

    I am calling an iframe that sets up Cookies by Javascript. I tried calling them through PHP as well, and it does not work. (header is defined through PHP). Any ideas?

  • Rob MacDonald wrote on 14 December, 2009, 19:49

    Does anyone know how you can get IE to accept 3rd party cookies when you can’t change the 3rd party site? Is this possible?

  • autoteile-king wrote on 22 December, 2009, 5:22

    hi all,
    the solution did not work for me.
    i put the code in my http header as described but the third party cookies in my iframe are still blocked. any ideas?
    thanks
    martin

  • MEMark wrote on 4 January, 2010, 14:09

    Hi!

    Any ideas how to solve this for Safari? Is forcing the using to “globally” change his cookie policy the only way?

    Regards
    M

  • msolution wrote on 7 February, 2010, 20:46

    Hi,
    didnt work for me in IE8, am using an iFrame and ive tried the meta tag and the php header,… it doesnt work with affiliate links, ive also set the p3p.xml file and the policy1.xml file and validated it from the validator at w3c site.

    any help would be appreciated. this is $urgent$ for me,

    M.

Trackbacks

  1. WEBDUDE

Write a Comment

Gravatars are small images that can show your personality. You can get your gravatar for free today!

Copyright © 2010 ViralPatel.net. All rights reserved.