I have the following code in website1.com: <script type=text/javascript> document.cookie = qwe=1; alert(document.cookie); </script>

Question

Asked: May 26, 20262026-05-26T17:21:42+00:00 2026-05-26T17:21:42+00:00

I have the following code in website1.com:

<script type="text/javascript">
    document.cookie = "qwe=1";
    alert(document.cookie);
</script>

and website2.com contains:

<iframe src="http://website1.com"></iframe>

When I open the page website2.com in IE it alerts empty string (if no cookies was set before).
Other browsers alert “qwe=1”.

So the question is why and how to workaround this?

You must login to add an answer.

Need An Account,

Editorial Team · Answer 1 · 2026-05-26T17:21:43+00:00

It is about security in IE.

If you want allow access to cookies in IFRAME, you should set HTTP header as follows:

ASP.NET:

HttpContext.Current.Response.AddHeader("p3p","CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"");

JSP:

 response.addHeader("P3P","CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"")

PHP:

header('P3P:CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"');

The Archive Base Latest Questions