I believe if you set the p3p policy correctly (in your tomcat) ie7 will accept the third party cookies.
regards Leon On Nov 22, 2007 11:05 PM, J.Gustafsson <[EMAIL PROTECTED]> wrote: > > Hi, > I have an interesting problem (I think) that I wonder if someone could > assist me with. > > I want to do cross-domain scripting. I have some java-script that makes a > cross-domain http request to a Tomcat server. This works fine as long as > third-party cookies are allowed in the browser. Tomcat can keep track of the > session by the jsessionId. If cookies are not allowed at all in the browser, > I simple let the java-script decide to not make a cross-domain call at all. > Those are not interesting for my application. My problems appear when first > part cookies are allowed, but third-party is not (the default settings in > IE7 I think). The java-script will think that cookies are allowed and make > the cross-domain http call. Since third party cookies are not allowed, > Tomcat is not allowed to set a jsessionId on a cookie, but instead add the > jsessionId on the URL. > > This is unfortunately not good enough for me. When third-party cookies are > allowed, my java-script provides a first-part cookie in the cross-domain > http call. I use this value to identify the user, and set it on the session > created by Tomcat. If however Tomcat cannot set cookies, since third-party > cookie is not allowed, I simply cannot do like this. > > So what do I actually want to achieve? > I would like Tomcat to bypass its "sanity" check when URL-rewrite is done. I > want Tomcat to create a session with a key (jsessionId) I provides it with. > Does this sound totally insane? Maybe it is. Perhaps there is another > solution I have not thought of? > > I know there is another solution, running Tomcat session-less and write to a > file/db for each call, but because of performance reasons, I would like to > avoid this. > > Any ideas/proposals? > > /jonas > > -- > View this message in context: > http://www.nabble.com/Cross-domain-calls-when-third-party-cookies-are-not-allowed-tf4858744.html#a13904100 > Sent from the Tomcat - User mailing list archive at Nabble.com. > > > --------------------------------------------------------------------- > To start a new topic, e-mail: users@tomcat.apache.org > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
