Internet Explorer set cross domain cookies for authorization

I have two application on next domains: www.bar.com and www.foo.bar.com. Second application makes authorization via first application (using cross domain request) After this I sets cookies to browser, and in the Internet Explorer it doesn't work:

$.cookie("SESSION_KEY", loginResult.sessionKey, {         expires: 365,         path: "/",         domain: ".bar.com" }); 

The code works in all browsers excepti Internet Explorer v.9 The cookie doen't set. How can I fix it?

2 Answers

Answers 1

This is due to IE settings. From the Tools menu, select Internet Options. Navigate to Security tab. Select Internet web content zone and click Custom Level to open the Security Settings.

Locate Miscellaneous settings. Try enabling Access data sources across domains. You might need to restart IE for the settings to take effect.

Answers 2

IE, as only one web browser in the market, implements partialy P3P standart (which is about acceptance cookies in CORS)

So you can set cookies using server response - to do this you must set this header in server response (which set cookies) (I copy-paste below line from my PHP symfony project) :

$response->headers->set('P3P', 'CP="random_text"'); 

You must also remember about add flag 'withCredentials=true' to your CORS request (in other case, any cookies will be add to response).

If You Enjoyed This, Take 5 Seconds To Share It

• Facebook
• Twitter
• Google+
• StumbleUpon
• Digg
• Delicious
• LinkedIn
• Reddit
• Technorati