...

View Full Version : How To Retrieve Cookies From 3rd Party Sites Through iFrames



Rudolfvda
07-15-2008, 05:32 PM
Hello all!

I hope you are having a jolly day!

Now, I'm creating a webpage in which I have iFrames, in which I'd like to display different websites which I do not own. However, I would still like the cookies of those sites to be installed on the user who visits my page. I'm aware that this is automatically blocked by browsers. I've done extensive research on the web, and have discovered that I need to install p3p on my server, along with corresponding tags and the p3p.xml policy file.

However!

Since I'm a designer, and a poor programmer, I was wondering if someone could assist me setting this up. Although I've got some knowledge about HTML, I don't know anything about xml, or other coding languages that are associated with p3p.

First off, I've already contacted my webmaster on how to activate p3p on my server, who should probably guide me on how to 'allow it to run' on my server.

Secondly, I've found several snippets of codes and p3p.xml templates, however, I have no idea what it needs to contain, or where I need to put it. I do know that the p3p.xml goes into a folder mysite.com/w3c/p3p.xml. Plus, some sort of snippet needs to be installed in the <head> section of the index.html of my main site.

Could someone assist me and explain which code snippet I need to use for the headers, and what needs to be displayed in the p3p.xml file? I have no intentions in creating a policy or anything like that, I just want to set it up so that cookies will be installed from sites through the iFrames on my website on the users' computer, at all possible levels.

Perhaps I ask a lot, but whoever helps me will be rewarded with not only my deepest gratefulness, but in return, I will also be pleased to help you with any graphical issues you may have, think Photoshop, etc. Edit: Offcourse I will also help nominate you as a helping member!

Many thanks for reading through my question, and thanks in advance for any replies!

Kindest regards,

Rudolf

jcdevelopment
07-15-2008, 05:45 PM
well, can you post the xml and all of the code you need for the p3p? Not sure how much there is but if you could go ahead.

Rudolfvda
07-15-2008, 07:06 PM
Thanks for your response JC!

I'm unsure what exactly needs to be included in the .xml, but I've seen templates like these for the .xml:


NestIframeJSP.jsp -->
<%
response.setHeader("P3P","CP=\"ALL ADM DEV PSAi COM OUR OTRo STP IND
ONL\"");
%>
<HTML>
<HEAD>
<script>
function readCookie(name) {
var nameEQ = name + "=";
var ca = document.cookie.split(';');
for(var i=0;i < ca.length;i++) {
var c = ca[i];
while (c.charAt(0)==' ') c = c.substring(1,c.length);
if (c.indexOf(nameEQ) == 0) return
c.substring(nameEQ.length,c.length);
}
return null;
}
</script>
</HEAD>
<BODY>

<%
session.setAttribute("name","value" );
out.println("Server created the JSESSIONID cookie by creating a
session.");
%>
<hr/>
Running javascript to retrieve these cookies <div
id="placeholder"></div>
<script>
document.getElementById("placeholder").innerHTML="JSESSIONID's
value is "+readCookie('JSESSIONID');
</script>

</BODY>
</HTML>


And for example, this was supposedly put in the [head] section of your index.html:



<Link REL="P3Pv1" href="http://www.yoursite.com/w3c/p3p.xml";>


or either:



<meta http-equiv="P3P" content='CP="NOI NAV"'>


Which confuses me greatly, because they are both very different. This is all highly energy-consuming as I do not understand much of it! However, I'm motivated to get it to work, so I'm open to any help!

And finally.. something needs to be validated at w3.org, at http://www.w3.org/P3P/validator.html, but at the moment I'm just not there yet.

I appreciate your help highly! Thanks in advance. :)

Kindest regards, Rudolf

jcdevelopment
07-15-2008, 07:20 PM
well, all i can think of is if they said place them in the head tags than try this out to see



NestIframeJSP.jsp -->
<&#37;
response.setHeader("P3P","CP=\"ALL ADM DEV PSAi COM OUR OTRo STP IND
ONL\"");
%>
<HTML>
<HEAD>
<Link REL="P3Pv1" href="http://www.yoursite.com/w3c/p3p.xml";>
<meta http-equiv="P3P" content='CP="NOI NAV"'> <script>
function readCookie(name) {
var nameEQ = name + "=";
var ca = document.cookie.split(';');
for(var i=0;i < ca.length;i++) {
var c = ca[i];
while (c.charAt(0)==' ') c = c.substring(1,c.length);
if (c.indexOf(nameEQ) == 0) return
c.substring(nameEQ.length,c.length);
}
return null;
}
</script>
</HEAD>
<BODY>

<%
session.setAttribute("name","value" );
out.println("Server created the JSESSIONID cookie by creating a
session.");
%>
<hr/>
Running javascript to retrieve these cookies <div
id="placeholder"></div>
<script>
document.getElementById("placeholder").innerHTML="JSESSIONID's
value is "+readCookie('JSESSIONID');
</script>

</BODY>
</HTML>


and the part of the link where it says


href="http://www.yoursite.com/w3c/p3p.xml

you would put your website, but i am sure you knew that. Let me know if it worked..

Rudolfvda
07-15-2008, 07:52 PM
Hi JC, thanks for the suggestion!

Here's what I received after running a test at w3.org's p3p validator:



Step 2: HTTP Protocol Validation ( HTTP headers )

HTTP headers have no P3P: header.

Step 3: HTML File Validation

HTML document has no P3P compliant link tags.

Message: No valid P3P compliant <link> element.


So.. what could these HTTP headers be? Step 1 ran just fine.

Thanks again! Kindest regards, Rudolf

jcdevelopment
07-15-2008, 07:56 PM
hmmm, not too sure, unfortunately im not too familiar with p3p or .jsp! But it looks like what i posted should work seeing as how both are in the header that they are asking for. Maybe the magic of the almighty moderator will move this to a correct area where they can answer it better. Otherwise im not too sure.

Rudolfvda
07-15-2008, 08:04 PM
Well JC, we've come a long way and I thank you for your effort! Hopefully someone will drop by and bless us with a solution! Thanks again! Kind regards, Rudolf



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum