Internet Explorer sets cross-domain cookies for authorization

Question

Internet Explorer sets cross-domain cookies for authorization

I have two applications in the following domains: www.bar.com and www.foo.bar.com. The second application makes authorization through the first application (using a cross-domain request). After that, I set cookies in my browser, but it doesn’t work in Internet Explorer:

$.cookie("SESSION_KEY", loginResult.sessionKey, { expires: 365, path: "/", domain: ".bar.com" });

The code works in all browsers except Internet Explorer v.9 Cookie is not installed. How can i fix this?

+8

internet-explorer cookies cross-domain

Andrew Apr 2 '13 at 13:04

source share

2 answers

Kamil Kiełczewski · Answer 1 · 2016-09-06T08:20:49+0000

IE, as the only one web browser on the market, implements the partial P3P standard (regarding cookie acceptance in CORS)

Thus, you can set cookies using the server response - for this you must set this header in the server response (which sets cookies) (I will copy-paste below the line from my PHP symfony project):

 $response->headers->set('P3P', 'CP="random_text"');

You should also remember the flag of adding 'withCredentials = true' to your CORS request (otherwise, any cookies will be sent / saved from the request / response).

devnull · Answer 2 · 2013-04-02T13:26:42+0000

This is due to IE settings. From the Tools menu, select Internet Options . Click the Security tab. Select an Internet content zone and click Custom Level to open the security settings.

Find the Miscellaneous settings. Try enabling Access data sources across domains . You may need to restart IE for the settings to take effect.

Internet Explorer sets cross-domain cookies for authorization

More articles: