cookies are blocked within iframe

[Hatim Ali]

We have two websites say (a.com) and (b.com) having different domains.
Site (a.com) opens in an iframe on a web page of site (b.com).

With default internet security settings when i try to login into
(a.com) from within (b.com) it fails to login and blocks the session
cookie which is created by (a.com).

When i browse (a.com) directly with IE, the website works fine and let
me login smoothly with exactly the same internet security settings.

How come?? Is there any remedy ??

Thanks...

 

[Daniel Crichton]

Hatim wrote on 27 Oct 2005 02:47:37 -0700:

We have two websites say (a.com) and (b.com) having different domains.
Site (a.com) opens in an iframe on a web page of site (b.com).

With default internet security settings when i try to login into
(a.com) from within (b.com) it fails to login and blocks the session
cookie which is created by (a.com).

When i browse (a.com) directly with IE, the website works fine and let
me login smoothly with exactly the same internet security settings.

How come?? Is there any remedy ??

Thanks...

By default IE6 prevents cross-domain cookies from working - it's part of the
security features. As the parent page is on b.com, any cookies created for
any domain other than b.com are ignored. You might be able to change this
from the Tools > Internet Options > Privacy tab; click the Advanced button,
tick Overrider automatic cookie handling, and set Accept or Prompt for
Third-Party Cookies (prompt will cause IE to ask you if you want to allow a
cookie to be set each time it is from a different domain than the parent
page).

Dan