Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Cookies cannot be set in IE?

I have the following code in website1.com:

<script type="text/javascript">
    document.cookie = "qwe=1";
    alert(document.cookie);
</script>

and website2.com contains:

<iframe src="http://website1.com"></iframe>

When I open the page website2.com in IE it alerts empty string (if no cookies was set before).
Other browsers alert "qwe=1".

So the question is why and how to workaround this?

like image 472
tsds Avatar asked Nov 09 '11 07:11

tsds


People also ask

How do I set IE to accept cookies?

Settings > View advanced settings. Scroll down to Cookies, and select Don't block cookies Internet Explorer In Internet Explorer, in the menu bar, select Tools > Internet options > Privacy > Advanced. Select Accept or Prompt under First-party Cookies, and Accept or Prompt under Third-party Cookies. Select OK.

How do I enable cookies Safari?

SAFARI for iOS (iPhone and iPad)Step 1: Go to Settings, then scroll down and select “Safari”. Step 2: Scroll down to “Privacy & Security”. Step 3: Verify “Block All Cookies” is ticked (green/white), click to allow cookies. Step 4: Clear the browser cache and reopen the browser.


2 Answers

It is about security in IE.

If you want allow access to cookies in IFRAME, you should set HTTP header as follows:

ASP.NET:

HttpContext.Current.Response.AddHeader("p3p","CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"");

JSP:

 response.addHeader("P3P","CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"")

PHP:

header('P3P:CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"');
like image 51
Pavel Hodek Avatar answered Sep 30 '22 10:09

Pavel Hodek


Cookies are set with document.cookie, however they are not sent to the server (and therefore have no effect there) until the next pageload. I would assume that standard behaviour of document.cookie is to mimic this and not update the read value until the next pageload (in other words, setting document.cookie sets a cookie, but reading document.cookie gives the cookies that were sent in the request).

IE9 fixed a lot of issues present in older versions. And I mean a LOT. This is most likely one of them. The workaround, I would imagine, is handling cookies yourself. Just as in PHP I have the function:

<?php
function setRealCookie( ... ) {
    setcookie( ... );
    $_COOKIE[...] = ...;
}
?>

In JavaScript you could create an object that keeps track of cookies for you, including updating itself when a cookie is set and so on. Something like:

(cookies = {
    data: {},
    init: function() {
        var c = document.cookie.split(";"), l = c.length, i, t;
        for( i=0; i<l; i++) {
            t = c[i].split("=");
            cookies.data[t.shift()] = t.join("=");
        }
    },
    read: function(key) {
        return cookies.data[key];
    },
    set: function(key,value) {
        document.cookie = key+"="+value;
        cookies.data[key] = value;
    }
}).init();

Then you can set a cookie with cookies.set("qwe","1"); and read it back with cookies.read("qwe");.

like image 27
Niet the Dark Absol Avatar answered Sep 30 '22 11:09

Niet the Dark Absol