there are (i)frames on my webpage. If I try to visit my webapp on IE-8 it won't work like expected! Some javascript-functions won't get called. It is pretty obvious that there is a same-origin-policy-violation. The src of frame-A is www.exa.com and frame-B is www.mple.com
Now, if I open a new browser tab and visit both domains for one time, my webapp runs as expected.
What happens in IE-8 here? It seems that after visiting a domain for the first time in a session you 'know' this domain and it seems more trustful than before?!
The question which comes up immediately after this observation is: what javascript-code can simulate this 'preopening' of foreign domains?
Thanks in advance.
UPDATE: it seems that IE doesn't take third party cookies. According to this our system thought the user is not logged in and so he was thrown out. If we reduced related IE-Internetoptions all worked like expected. We are still looking for a solution which support IE-8 with default-options.
it seems that IE doesn't take third party cookies.
Deploy a P3P policy and the default settings in IE will permit third-party cookies.
Browsers will block third-party cookies in various circumstances. For example Safari's default setting will block them even if you do have a P3P policy. So it's typically not a great idea to rely on them.