Fascinating. I think you are looking for: response.headers['P3P']='CP="CAO PSA OUR"'
Massimo On Mar 6, 3:43 am, SergeyPo <ser...@zarealye.com> wrote: > Sorry this is not spamming but I keep trying to fix problem with > sessions and javascript. > My site uses frames and this may lead to problems. For example the > following link from 'left' frame works (opens something in right > frame): > > _onclick="javascript:top.frames['right'].location.reload()" > > But this one - does not: > > _onclick="javascript:top.frames['right'].location='/advantage/radar/ > filter_by_cart/1'" > > Here 'filter_by_cart' is name of controller. In this case web2py > looses session. > > I found the following recipe: > > http://petesbloggerama.blogspot.com/2007/08/aspnet-loss-of-session-co... > > briefly: > If you implement a FRAMESET where frames point to other Web sites on > the networks of your partners or inside your network, but you use > different top-level domain names, you may notice in Internet Explorer > 6 that any cookies you try to set in those frames are lost. This is > most frequently experienced as a loss of session state in an Active > Server Pages (ASP) or ASP.NET Web application. You try to access a > variable in the Session object that you expect to exist, and it is > null. > > The fix is very simple - Starting in Internet Explorer 6 support for > the Platform for Privacy Preferences (P3P) Project was introduced. The > P3P standard notes that if a FRAMESET or a parent window references > another site inside a FRAME or inside a child window, the child site > is considered third party content. Internet Explorer, which uses the > default privacy setting of Medium, silently rejects cookies sent from > third party sites. > > You can add a P3P compact policy header to your child content, and you > can declare that no malicious actions are performed with the data of > the user. If Internet Explorer detects a satisfactory policy, then > Internet Explorer permits the cookie to be set. > > A simple compact policy that fulfills the needed criteria follows: > > P3P: CP="CAO PSA OUR" > > The above code sample shows that your site provides you access to your > own contact information (CAO), that any analyzed data is only "pseudo- > analyzed", which means that the data is connected to your online > persona and not to your physical identity (PSA), and that your data is > not supplied to any outside agencies for those agencies to use (OUR). > This is sufficient to get Internet Explorer (and some other browsers) > to allow the Session cookie, as well as other cookies. > > QUESTION, Massimo, how to add such a header to http headers? > (I really don't want time to rewrite the whole app without frames - > jQuery panes is good for small amounts of data but not for larger > tables that I need in my Intranet app). --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "web2py Web Framework" group. To post to this group, send email to web2py@googlegroups.com To unsubscribe from this group, send email to web2py+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/web2py?hl=en -~----------~----~----~----~------~----~------~--~---
