By Bitou Deouf on

Hello everybody ! :)
I need some help. I'm French so be lenient with my English practice !

A partner website (which I don't have the control) just give me an iframe to integrate my website... which is a Drupal site !
The problem is that with an iframe, it exists the third-party cookie problem : especially with IE (by default, this browser allow a medium confidential security... net surfer computer majority) cookies can't be created and so session variables for login which use $_COOKIE aren't initialized. Nobody can sign in / register...

I have seen the source of Drupal core includes, and it's a fact : I can't find the way to dodge this problem !

Could someone be my messiah ? :D

Regards.

Categories: Drupal 5.x

Comments

Bitou Deouf’s picture

Bitou Deouf commented

I can reformulate my question : Is it possible to disable the use of cookies for all my Drupal site ?

Bitou Deouf’s picture

Bitou Deouf commented

But I don't find the solution ! :(

I tried to change the settings.php file from /site/default directory of Drupal with the "$cookie_domain" parameter :
- For example : my partner's website is xxx.yyy.example.com
- My website (iframe) is zzz.example2.com
- So I uncommented the line in settings.php and set $cookie_domain = 'example.com';
It doesn't work and I don't know why. With Firefox options, I can normally see created cookies... but no cookie is created !

I just repeat that the problem is only for Internet Explorer, which by default doesn't accept 3rd party cookie. I used Firefox only for checking cookies... And maybe, people with firewall like ZoneAlarm could disable 3rd party cookie too...

Nobody was confronted with this problem ?

murph1379’s picture

murph1379 commented

you can't create cookies in a foreign domain, only your own.

I'm not sure if Drupal can work without cookies, but I'm guessing this won't work.

Bitou Deouf’s picture

Bitou Deouf commented

Ok I suspected it ! :)

I finally found a solution !!!

Just write this line in the settings.php file : header('P3P: CP="CAO PSA OUR"');
This line allows IE to accept 3rd party cookies.

Source : http://support.microsoft.com/kb/323752/EN-US/

Thanks to... me ! ^^

Bye

alexis’s picture

alexis commented

I was having this problem while using an iframe to run one Drupal module as a Facebook application.

Everything worked ok from Firefox, I could login to my Drupal site inside the Facebook application, in the iframe, but when using Internet Explorer the login didn't work.

I realized that the 'eye icon' on Internet Explorer was showing my cookies sent from Drupal as blocked and found about P3P googling a little.

I included header('P3P: CP="CAO PSA OUR"'); as the first line in myblock_menu()

Thanks for the tip!

Alexis Bellido
Ventanazul: web development and Internet business consulting shouldn't be boring

ask2gaurav’s picture

ask2gaurav commented

Just set P3P (Platform for Privacy Preferences Project) header.

The code for ASP.Net
HttpContext.Current.Response.AddHeader("p3p", "CP=\""IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\""")

The code for PHP
header('P3P:CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"');
For more information visit following url:

http://viralpatel.net/blogs/2008/12/how-to-set-third-party-cookies-with-...

wanghl165’s picture

wanghl165 commented

It works, Thanks!

arnoldc’s picture

arnoldc commented

Not Drupal related, but works nevertheless in my case on IE7.

fernly’s picture

fernly commented

This is still a situation occurring using D7, as it is no Drupal related issue.

I can confirm it still works, but I had to add the header function to a hook_init function.

---
Vaerenbergh.com - A Drupal developer's web page

satter9’s picture

satter9 commented

Hello, would it be possible for you to explain how you did that in a little more detail? I have the same situation and I have tried adding the p3p to the header of the html.tpl.php file as well as the settings.php. These do not seem to work but everywhere I search people say adding this compact privacy policy to the header will solve the issue. My thought is that I am not getting this to print in the header of each page so maybe your solution could be the answer. Any help is appreciated!

Thanks,
Nils

satter9’s picture

satter9 commented

Hello, I have tried putting the p3p header in the settings .php file as well as the html.tpl.php file but I cannot get it to work. Does anyone have any other tips we might be missing?

Thanks,
Nils