Waraxe IT Security Portal

NoobishMaarten · Beginner

Hello,

I am a complete novice regarding the use of session cookies of a website loaded in an iFrame. Actually to everything that has to do with programming (I’m more of a designer). I could really use some directions, here goes..

At the moment I’ve got a page that is loading different pages(from other websites, not owned by me) through iFrames. Now, I’d like the user visiting my site to receive cookies from those
‘3rd’ party sites loaded within the iFrames.

I found this on a website that might shed some light on the solution: "Under the Medium privacy level, cookies are not allowed from the secondary server because Internet Explorer "Blocks third-party cookies that do not have a compact privacy policy". To fix this problem, a compact privacy policy must be added to the headers sent to the client before a cookie is attempted to be created. The quick way is to just send this string in a header to the client ‘P3P: CP="CAO PSA OUR""

I’m not sure if the code suggested will work in my situation, hopefully it does!

My main question therefore is, where does that snippet of code go? I’ve got a simple .html page with iFrames, but it doesn’t work no matter where I put the code.

Perhaps I need a different type of page, or is there a way around this or am I missing some vital coding?

I’ve done some fair research and came across some programs that can generate a compact policy for me fit for my page’s purpose. Also I read that I have to configure my server for p3p. Is this all nesecairy? And if so, could someone bring up the patience and time to explain how?

I hope someone knows something about this and can help me with this problem!!

Kindest regards,

Maarten