Tags: java, struts2, session-variables, sap-ariba, cxml-commercexml

Session problem in cXML Punchout in Struts2 Java


We have created a punchout (cXML Punchout) supplier site which integrates with Ariba. It works fine when tried in Google Chrome in a frames environment, but it keeps losing its session in IE in the same frames environment. When we passed the JSESSIONID with the URL, it worked only for the start page. If we navigated using other links, it started losing the session. It took us to the login page even though the JSESSIONID is being passed for those navigation links.

This site was built with the Java Struts2 framework. We are using a JBoss v5.1 server and Apache.

How can I retain the session throughout the punchout Process?


Solution

  • The session issue in punchout was solved by using a P3P policy in Apache. In IE, third-party cookies were being blocked; to have the browser unblock them, you need to configure this in the web server and a bit in your page header.

    Set the header in the Apache config file:

    Header set P3P "policyref=\"example.com/w3c/p3p.xml\", CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\""
    

    You can also place setHeader or addHeader code in the master page of your project (optional).

    Before this, create a P3P.xml file (using the sample below, or you can use a generator tool) and deploy it.

    Sample P3P.xml:

    <?xml version="1.0" encoding="UTF-8" ?>
    <!-- Generated by http://www.webentrust.com on 05/25/2011 -->
    <META xmlns="http://www.w3.org/2002/01/P3Pv1">
    
        <POLICY-REFERENCES>
            <POLICY-REF about="#Policy">
                <INCLUDE>/*</INCLUDE>
            </POLICY-REF>
        </POLICY-REFERENCES>
    
        <POLICIES xmlns="http://www.w3.org/2002/01/P3Pv1">
            <EXPIRY max-age="604800"/>
            <POLICY name="Policy" discuri="http://www.example.com/privacy.html" opturi="http://www.example.com/contact.html">
                <ENTITY>
                    <DATA-GROUP>
                        <DATA ref="#business.name">example.com</DATA>
                        <DATA ref="#business.contact-info.online.email">[email protected]</DATA>
                    </DATA-GROUP>
                </ENTITY>
                <ACCESS>
                    <all/>
                </ACCESS>
                <DISPUTES-GROUP>
                    <DISPUTES resolution-type="service" short-description="Privacy Disputes" service="http://example.com/contact.html">
                        <REMEDIES>
                            <CORRECT/>
                        </REMEDIES>
                        <LONG-DESCRIPTION>We will correct any privacy issues.</LONG-DESCRIPTION>
                    </DISPUTES>
                    <DISPUTES resolution-type="independent" short-description="Web Entrust" service="http://www.webentrust.com/sites/example.com.html">
                        <REMEDIES>
                            <CORRECT/>
                        </REMEDIES>
                        <LONG-DESCRIPTION>Web Entrust provides several active seals to represent increased trust, privacy and security. Public reviews provide accountability through an open review policy.</LONG-DESCRIPTION>
                        <IMG alt="Web Entrust Site Seals" src="http://www.webentrust.com/seals/trusted/example.com.png"/>
                    </DISPUTES>
                </DISPUTES-GROUP>
                <STATEMENT>
                    <CONSEQUENCE>Web server logs are maintained for this web-site.</CONSEQUENCE>
                    <EXTENSION optional="yes">
                        <STATEMENT-GROUP name="Logging" xmlns="http://www.w3.org/2006/01/P3Pv11"/>
                    </EXTENSION>
                    <PURPOSE>
                        <current/>
                        <admin/>
                        <develop/>
                        <pseudo-analysis/>
                        <pseudo-decision/>
                        <tailoring/>
                    </PURPOSE>
                    <RECIPIENT>
                        <ours/>
                    </RECIPIENT>
                    <RETENTION>
                        <business-practices/>
                    </RETENTION>
                    <DATA-GROUP>
                        <DATA ref="#dynamic.clickstream"></DATA>
                        <DATA ref="#dynamic.clientevents"></DATA>
                        <DATA ref="#dynamic.http"></DATA>
                        <DATA ref="#dynamic.searchtext"></DATA>
                    </DATA-GROUP>
                </STATEMENT>
            </POLICY>
        </POLICIES>
    </META>
    

    For more details:

    1. http://www.p3pwriter.com
    2. Accessing Domain Cookies within an iFrame on Internet Explorer
    3. https://stackoverflow.com/users/13002/sleep-deprivation-ninja
    4. http://msdn.microsoft.com/en-us/library/ms537343.aspx
    5. Cookie blocked/not saved in IFRAME in Internet Explorer

    To validate your privacy policy XML file:

    1. http://www.w3.org/P3P/validator.html
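The optional application-side step mentioned in the answer can be done with a servlet filter. This is an added example, not code from the original post; the class name `P3PHeaderFilter` and the `p3pPolicy` init-param are assumptions, and the default header value is copied from the Apache directive above. It targets the Servlet 2.5 API shipped with JBoss 5.1.

```java
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletResponse;

/**
 * Added example (hypothetical class name): sends the P3P header from the
 * web application. Map it to /* in web.xml ahead of the Struts2 filter so
 * it also covers the response that first issues the JSESSIONID cookie.
 */
public class P3PHeaderFilter implements Filter {

    // Default value copied from the Apache "Header set P3P" directive.
    private static final String DEFAULT_POLICY =
        "policyref=\"example.com/w3c/p3p.xml\", "
        + "CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"";

    private String policy = DEFAULT_POLICY;

    public void init(FilterConfig config) throws ServletException {
        // Optional override through an <init-param> named "p3pPolicy" (assumed name).
        String configured = config.getInitParameter("p3pPolicy");
        if (configured != null && configured.trim().length() > 0) {
            policy = configured.trim();
        }
    }

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        // Set the header before the chain runs: the session cookie is added
        // while the action executes, and headers can no longer be changed
        // once the response has been committed.
        if (res instanceof HttpServletResponse && !res.isCommitted()) {
            ((HttpServletResponse) res).setHeader("P3P", policy);
        }
        chain.doFilter(req, res);
    }

    public void destroy() {
        // Nothing to release.
    }
}
```

If Apache already sets the header for every response, this filter is redundant; it is useful when some responses reach the browser without passing through that Apache configuration.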