In the first post of this series, I tried to warm it up a bit and gave introductory information and talked a bit about the tools that we can use for developing and testing applications for cross browser compatibility. Now it is time to discuss the specific issues. Fun begins.
You are using Internet Explorer 6.0 to test your application. You have frames and framesets in your application, and everything works fine. But you notice that you loose the session intermittently, without receiving any appropriate errors. You are sure that you turned cookies on and everything.
Before suspecting your code and beating yourself up see this:
‘Internet Explorer 6 introduced support for the Platform for Privacy Preferences (P3P) Project. The P3P standard notes that if a FRAMESET or a parent window references another site inside a FRAME or inside a child window, the child site is considered third party content. Internet Explorer, which uses the default privacy setting of Medium, silently rejects cookies sent from third party sites.’
As you notice it basically means that ALL your cookies are going to be rejected without any prompt, including form authentication and session cookies (Remember Me functionality in your login page will not work). That’s really annoying if you notice unexpected empty strings in your application, because you receive NO errors, notification and anything like that.
For ASP.NET you need to add following code to all your pages (if you have a base page it probably is the ideal place for this)
Response.AddHeader(”P3P”, “CP=\”CAO PSA OUR\”");
If you need a quick fix you can consider to put it in your Application’s BeginRequest event in your Global.asax file or implement your own HttpModule for this to inject this header in.
Here CAO means that this is your own contact site or in other words IE 6.0, I beg you don’t delete my cookies!
We will continue talking about cross browser development, so stay tuned!