Copyright 2012 Manish Kumar Singh
 Wednesday, June 01, 2011
Compact P3P settings with IIS7
Yesterday, I came across a problem where cookies created by application X were not readable by application Y, because X was running inside an IFrame when it created the cookies. Even though X and Y both belonged to the same domain, IE still whined about it. This is a problem with IE 6 and onwards, Chrome and a few other browsers. Firefox works like a breeze. This happens because cookies from an IFrame are treated as third-party cookies and are restricted by browsers to guard against any kind of spam.

So how the heck do I tell the browser that X and Y are legitimate brothers?

Simple ... do you have the birth certificate or any document to prove it? No ?? OK, so prepare it ... go to sites like p3p Edit or p3p Writer and pay around $30 - $40 to generate a document. It will generate the policy XML and compact P3P string for you. Now you need to carry this proof everywhere you go. I mean this compact P3P needs to be attached to the headers of every response. When a client browser finds this P3P header, it assumes that the site is not spam and lets other applications read the cookie.

Hmmm ... nice security!

So, is it monitored, or does it work like an X.509 certificate?

Nope!
It is a standard declaration as per W3C standards, but frankly, I don't even know if this has anything to do with law!!
But still browsers need it ... hmmm!

I'll take your word

Ok ... it's still not that strict, if you can give your word that X is a brother of Y.

You can provide a compact oath statement, called compact P3P, every time you make a response, to tell the clients that X or Y is not spam. You don't need to spend $30-$40 now ... you can do it later.

In a way, the ball is in your court when you say ... Noooo, I am not doing any spam and not collecting any user data ... bla bla bla. And you have to say it like an oath or a legal statement composed of standard words and points. Well, this is what compact P3P is!

To understand this huge list of words and their meanings, you can refer to p3pwriter ... All the best!

Fine ... I'll take your word and allow the cookies. So you can attach the proof through a module, by adding a header to every response:

HttpContext.Current.Response.AddHeader("p3p", "CP=\"CAO PSA OUR...\"");

Or through IIS

IIS 7 settings for compact p3p

I'll show you how to apply it at the root, so that all sites inside IIS 7 have the header automatically attached to their responses. However, you may opt for a particular site or a folder.
At the IIS root, look for the HTTP Response Headers item in the Features View on the right pane and add an entry:
Name = p3p
Value = CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"
That's it! You have declared that X and Y are brothers ... :-).

By doing this, you have now allowed the cookies to be shared across the IFrame. Later ... you need to purchase a policy and place it at a URL that clients can read, so that they treat your declaration as legitimate.
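
What the compact policy value set in the IIS step above actually declares, token by token, as an added example (not code from the original post). The token table is the compact policy vocabulary from the W3C P3P 1.0 specification; the name `decode_compact_policy` is an assumption of this example.

```python
import re

# P3P 1.0 compact-policy vocabulary: category -> {token: policy element it abbreviates}
VOCAB = {
    "access": {"NOI": "nonident", "ALL": "all", "CAO": "contact-and-other",
               "IDC": "ident-contact", "OTI": "other-ident", "NON": "none"},
    "disputes": {"DSP": "disputes"},
    "remedies": {"COR": "correct", "MON": "money", "LAW": "law"},
    "non-identifiable": {"NID": "non-identifiable"},
    "purpose": {"CUR": "current", "ADM": "admin", "DEV": "develop", "TAI": "tailoring",
                "PSA": "pseudo-analysis", "PSD": "pseudo-decision", "CON": "contact",
                "IVA": "individual-analysis", "IVD": "individual-decision",
                "HIS": "historical", "TEL": "telemarketing", "OTP": "other-purpose"},
    "recipient": {"OUR": "ours", "DEL": "delivery", "SAM": "same", "UNR": "unrelated",
                  "PUB": "public", "OTR": "other-recipient"},
    "retention": {"NOR": "no-retention", "STP": "stated-purpose", "IND": "indefinitely",
                  "LEG": "legal-requirement", "BUS": "business-practices"},
    "categories": {"PHY": "physical", "ONL": "online", "UNI": "uniqueid",
                   "PUR": "purchase", "FIN": "financial", "COM": "computer",
                   "NAV": "navigation", "INT": "interactive", "DEM": "demographic",
                   "CNT": "content", "STA": "state", "POL": "political", "HEA": "health",
                   "PRE": "preference", "LOC": "location", "GOV": "government",
                   "OTC": "other-category"},
    "test": {"TST": "test"},
}
LOOKUP = {tok: (cat, name) for cat, toks in VOCAB.items() for tok, name in toks.items()}
CONSENT = {"a": "always", "i": "opt-in", "o": "opt-out"}  # suffix on purpose/recipient

def decode_compact_policy(header_value):
    """Return (declared, unknown): decoded tokens per category, plus unrecognised ones."""
    m = re.search(r'CP\s*=\s*"([^"]*)"', header_value, re.IGNORECASE)
    if not m:
        raise ValueError('no CP="..." compact policy in header value')
    declared, unknown = {}, []
    for raw in m.group(1).split():
        base, suffix = raw[:3], raw[3:]
        cat, name = LOOKUP.get(base, (None, None))
        takes_suffix = cat in ("purpose", "recipient") and base != "OUR"
        if cat is None or (suffix and not (takes_suffix and suffix in CONSENT)):
            unknown.append(raw)  # not part of the standard vocabulary
            continue
        label = name + (f" ({CONSENT[suffix]})" if suffix else "")
        declared.setdefault(cat, []).append(label)
    return declared, unknown

if __name__ == "__main__":
    policy, bad = decode_compact_policy('CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"')
    for category, items in policy.items():
        print(f"{category:12} {', '.join(items)}")
    print("unrecognised:", bad)
```

For the value above, the output includes retention `indefinitely` and categories `physical, online, computer, state`: that is the statement the site makes to every browser that receives the header.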

.Net
Tuesday, May 31, 2011 11:00:08 PM (GMT Standard Time, UTC+00:00)
Sunday, December 04, 2011 11:26:42 AM (GMT Standard Time, UTC+00:00)
Your story was really informative, thanks!