W3C home > Mailing lists > Public > www-p3p-dev@w3.org > October 2008

How to set cookie for other domain

From: Mathias Haushofer <mathias.haushofer@infosys-online.de>
Date: Wed, 29 Oct 2008 14:14:50 +0100
To: "www-p3p-dev@w3.org" <www-p3p-dev@w3.org>
Message-ID: <A448196C318E6740A44E7EAB1A4745BD010CE4F9EC@winxbede01.exchange.xchg>


I am trying to set a cookie for another domain from my own server via serverside Java/Servlet.
The other domain is not under my control. Is this possible with an appropriate P3P policy stored on my own server?

I have already created a p3p.xml using IBMs policy editor, stored it on the server and written a corresponding Compact Policy in the response header:

P3P: policyref="http://localhost:8080/SSOProxyNew/w3c/p3p.xml", CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: mycookie=XXXXXX; Domain=.otherdomain.com; Expires=Wed, 29-Oct-2008 13:17:06 GMT

But the browser (IE6 and IE7) does not seem to accept the cookie. At least the cookie does not show up in the request-headers to www.otherdomain.com and it is not listed in the browsers cookie-list.
There is no cookie-warning in the status-bar of the browser either.
Privacy Level is set to Medium in IE.

What am I doing wrong?
Is it generally possible to set cookies for other domains? I have seen ebay..com setting cookies for lots of other domains.

Received on Wednesday, 29 October 2008 14:00:29 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 22:42:52 UTC