Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

P3P and PHP session problem with iframes in Internet Explorer 9

I have a contact form inside of an iframe, which uses captcha, and therefore requires session variables. It works fine in every browser except IE9. To make it work in IE8, I added the following line at the beginning of the php document:

header('P3P:CP="CAO IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"'); 

However, this doesn't appear to work in IE9. Any ideas?

like image 295
Ben Avatar asked Jun 08 '11 18:06

Ben


1 Answers

Best Answer: @user973810

Thanks a lot. This

header('P3P: CP="NOI ADM DEV PSAi NAV OUR STP IND DEM"');

helped me out very much. It's questionable why only the IE does such strange things.

Btw: here's the explanation for that. ;)

  • NOI Web Site does not collected identified data.
  • ADM Information may be used for the technical support of the Web site and its computer system. Users cannot opt-in or opt-out of this usage (same as tag ADMa).
  • DEV Information may be used to enhance, evaluate, or otherwise review the site, service, product, or market. Users cannot opt-in or opt-out of this usage (same as tag DEVa).
  • PSAi Information may be used to create or build a record of a particular individual or computer that is tied to a pseudonymous identifier, without tying identified data (such as name, address, phone number, or email address) to the record. This profile will be used to determine the habits, interests, or other characteristics of individuals for purpose of research, analysis and reporting, but it will not be used to attempt to identify specific individuals. Opt-in means prior consent must be provided by users.
  • NAV Data passively generated by browsing the Web site -- such as which pages are visited, and how long users stay on each page.
  • OUR Ourselves and/or entities acting as our agents or entities for whom we are acting as an agent.
  • STP Information is retained to meet the stated purpose. This requires information to be discarded at the earliest time possible. Sites MUST have a retention policy that establishes a destruction time table. The retention policy MUST be included in or linked from the site's human-readable privacy policy.
  • IND Information is retained for an indeterminate period of time. The absence of a retention policy would be reflected under this option. Where the recipient is a public fora, this is the appropriate retention policy.
  • DEM Data about an individual's characteristics -- such as gender, age, and income.

Source: http://www.p3pwriter.com/lrn_111.asp

like image 144
riyuk Avatar answered Dec 26 '22 01:12

riyuk