Anatoly Lubarsky
programming, design, integration, games, music

ASP.NET Tip: How to Implement P3P HTTP Headers

The Problem

Q: Why "make sure to implement P3P if using iframes"?


A: If your application runs inside an iframe whose parent page belongs to another domain, cookies will not work in some very common configurations, for example IE 6/7 with privacy set to Medium. If cookies don't work, session state won't work.


Session state is therefore useless for your application under Internet Explorer. See "Privacy in Internet Explorer 6".


This is relevant when the domain that hosts the iframe is different from the parent domain. Because this is not a very common scenario, only a few people are familiar with the solution.


The Solution

The solution is to send a P3P header that tells the browser that the cookies your application sets inside the iframe are OK for user privacy.


An ASP.NET implementation may look like the following (global.asax):


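protected void Application_BeginRequest(Object sender, EventArgs e)
{
    // Send a P3P compact policy (CP) with every response so that IE 6/7
    // accepts this application's cookies when it is framed by another domain.
    HttpContext.Current.Response.AddHeader("p3p", "CP=\"CAO PSA OUR\"");
}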

BTW, Safari won't accept cross-domain cookies even with the P3P headers.
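
Each three-letter token in the CP value is a privacy declaration. The following is an added example (not code from the original post) that parses a P3P header value and groups its tokens by the P3P 1.0 element they abbreviate, so you can review what a response actually declares. The function names are hypothetical.

```python
import re

# P3P 1.0 compact-policy tokens, grouped by the policy element they abbreviate.
CP_TOKENS = {
    "access": "NOI ALL CAO IDC OTI NON",
    "disputes": "DSP",
    "remedies": "COR MON LAW",
    "non-identifiable": "NID",
    "purpose": "CUR ADM DEV TAI PSA PSD IVA IVD CON HIS TEL OTP",
    "recipient": "OUR DEL SAM UNR PUB OTR",
    "retention": "NOR STP LEG BUS IND",
    "categories": "PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV OTC",
    "test": "TST",
}
TOKEN_GROUP = {tok: grp for grp, toks in CP_TOKENS.items() for tok in toks.split()}
# Purpose and recipient tokens (except CUR and OUR) may carry a consent
# suffix: a = always required, i = opt-in, o = opt-out.
SUFFIX_GROUPS = {"purpose", "recipient"}
NO_SUFFIX = {"CUR", "OUR"}


def parse_p3p(header_value):
    """Split a P3P header value into policyref, grouped CP tokens and unknown tokens."""
    pairs = re.findall(r'(\w+)\s*=\s*"([^"]*)"', header_value)
    fields = {name.lower(): value for name, value in pairs}
    result = {"policyref": fields.get("policyref"), "groups": {}, "unknown": []}
    for raw in fields.get("cp", "").split():
        base, suffix = raw, ""
        if len(raw) == 4 and raw[3] in "aio":
            base, suffix = raw[:3], raw[3]
        group = TOKEN_GROUP.get(base)
        bad_suffix = suffix and (group not in SUFFIX_GROUPS or base in NO_SUFFIX)
        if group is None or bad_suffix:
            result["unknown"].append(raw)
        else:
            result["groups"].setdefault(group, []).append(raw)
    return result


if __name__ == "__main__":
    # The header value sent by the global.asax snippet above.
    parsed = parse_p3p('CP="CAO PSA OUR"')
    for group, tokens in parsed["groups"].items():
        print(f"{group}: {' '.join(tokens)}")
    if parsed["unknown"]:
        print("unrecognised tokens:", " ".join(parsed["unknown"]))
```

For the header in this post, the output shows that it declares an access policy (CAO), a purpose (PSA) and a recipient (OUR), and nothing about retention or data categories.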



Thursday, September 27, 2007 11:37 PM

Comments

# re: ASP.NET Tip: How to Implement P3P HTTP Headers
How to delete the third-party cookies when I am using P3P cookies?

1/2/2009 12:11 PM by senthil
