Hi, Tnx for your feedback. What I have understood, the P3P policy file is kind of "dead" since the lack of support from the browser implementers ( from www.w3c.org: "The P3P Specification Working Group took this step as there was insufficient support from current Browser implementers for the implementation of P3P 1.1" ).
Is this correct? regards, /jonas Leon Rosenberg-3 wrote: > > I believe if you set the p3p policy correctly (in your tomcat) ie7 > will accept the third party cookies. > > regards > Leon > > On Nov 22, 2007 11:05 PM, J.Gustafsson <[EMAIL PROTECTED]> wrote: >> >> Hi, >> I have an interesting problem (I think) that I wonder if someone could >> assist me with. >> >> I want to do cross-domain scripting. I have some java-script that makes a >> cross-domain http request to a Tomcat server. This works fine as long as >> third-party cookies are allowed in the browser. Tomcat can keep track of >> the >> session by the jsessionId. If cookies are not allowed at all in the >> browser, >> I simple let the java-script decide to not make a cross-domain call at >> all. >> Those are not interesting for my application. My problems appear when >> first >> part cookies are allowed, but third-party is not (the default settings in >> IE7 I think). The java-script will think that cookies are allowed and >> make >> the cross-domain http call. Since third party cookies are not allowed, >> Tomcat is not allowed to set a jsessionId on a cookie, but instead add >> the >> jsessionId on the URL. >> >> This is unfortunately not good enough for me. When third-party cookies >> are >> allowed, my java-script provides a first-part cookie in the cross-domain >> http call. I use this value to identify the user, and set it on the >> session >> created by Tomcat. If however Tomcat cannot set cookies, since >> third-party >> cookie is not allowed, I simply cannot do like this. >> >> So what do I actually want to achieve? >> I would like Tomcat to bypass its "sanity" check when URL-rewrite is >> done. I >> want Tomcat to create a session with a key (jsessionId) I provides it >> with. >> Does this sound totally insane? Maybe it is. Perhaps there is another >> solution I have not thought of? >> >> I know there is another solution, running Tomcat session-less and write >> to a >> file/db for each call, but because of performance reasons, I would like >> to >> avoid this. >> >> Any ideas/proposals? >> >> /jonas >> >> -- >> View this message in context: >> http://www.nabble.com/Cross-domain-calls-when-third-party-cookies-are-not-allowed-tf4858744.html#a13904100 >> Sent from the Tomcat - User mailing list archive at Nabble.com. >> >> >> --------------------------------------------------------------------- >> To start a new topic, e-mail: users@tomcat.apache.org >> To unsubscribe, e-mail: [EMAIL PROTECTED] >> For additional commands, e-mail: [EMAIL PROTECTED] >> >> > > --------------------------------------------------------------------- > To start a new topic, e-mail: users@tomcat.apache.org > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > > -- View this message in context: http://www.nabble.com/Cross-domain-calls-when-third-party-cookies-are-not-allowed-tf4858744.html#a13995129 Sent from the Tomcat - User mailing list archive at Nabble.com. --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
