Cookies in iFrames: how bashing my head on the table made them work in Internet Explorer

While working on our TTGPassport our valiant team hit a wall that most programmers hit sooner or later when working with iframes: cookies won’t work with Internet Explorer, and you will lose your session.

The internet is full of remedies for this unnerving problem, most of them revolving around pseudo-magically setting the P3P header. I don’t believe in pseudo-magic, so I kept googling for answers, until I found this informative post.

I diligently ran through the suggestions, but we had random session losses, with no reasonable explanation. We were setting our P3P header in a before filter (Rails application), like this:

class ApplicationController < ActionController::Base
  before_filter :set_p3p

  # Send the P3P compact policy with every response rendered by a controller.
  def set_p3p
    response.headers["P3P"] = 'CP="NOI DSP LAW NID"'
  end
end

Fearing Rails could be the culprit, I changed our Apache configuration to set the header on every request, using the following directive:

Header set P3P "CP=\"NOI DSP LAW NID\""

Unfortunately, even bypassing Rails didn’t help. I was even unsure why sometimes it worked and sometimes it didn’t (basically, when Explorer shows the evil red eye at the bottom of the page it means it’s blocking your cookies).

I started playing around with Firebug to see what could be the problem, and finally a little lightbulb lit on top of my head: the pages that broke the session didn’t have the P3P header, and instead they had an ETag header. That means something was adding the ETag and that the browser recalled the content of the page from its cache, thus bypassing P3P and upsetting Explorer. I disabled ETags in Apache:

Header unset ETag
FileETag None

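Guess what? It didn’t work. Something was still setting the ETag header and bypassing my beloved and much needed P3P. The only culprit could be Ruby on Rails. I googled some more, but nothing really told me how to disable ETags, so I had to resort to some monkey patching:

module ActionController
  class Request
    # Never report the client's cached ETag as matching, so the page is
    # always sent in full instead of being revalidated from the cache.
    def etag_matches?(etag)
      false
    end
  end

  class Response
    # Claim an ETag is already set so that Rails does not generate one.
    def etag?
      true
    end
  end
end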

I asked our strong, silent project manager to test it because I was crossing my fingers too hard, and, finally, it worked, no ETags and our P3P header where we expected it.
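An alternative to the monkey patch, as an added example that is not part of the original post: a Rack-style middleware that removes the ETag, ignores `If-None-Match`, and puts the P3P header on every response, plus a small check for the two symptoms seen in Firebug. It assumes a Rack-based stack; `P3PWithoutETag`, `header_problems`, `SAMPLE_APP` and `demo` are illustrative names, and the sample app is constructed.

```ruby
# Added example (not the post's code): plain Rack-style middleware, no gems needed.
class P3PWithoutETag
  P3P_VALUE = 'CP="NOI DSP LAW NID"'.freeze # policy string used in the post

  def initialize(app)
    @app = app
  end

  def call(env)
    # Drop the validator so the app never answers 304 Not Modified.
    env.delete('HTTP_IF_NONE_MATCH')
    status, headers, body = @app.call(env)
    # Header names are case-insensitive; remove any spelling of ETag.
    headers = headers.reject { |name, _| name.to_s.casecmp('etag').zero? }
    headers['P3P'] = P3P_VALUE
    [status, headers, body]
  end
end

# Reports the two symptoms from the post: a missing P3P header or an ETag.
def header_problems(headers)
  names = headers.keys.map { |name| name.to_s.downcase }
  problems = []
  problems << 'missing P3P' unless names.include?('p3p')
  problems << 'ETag present' if names.include?('etag')
  problems
end

# Constructed downstream app: always sets an ETag and honours If-None-Match.
SAMPLE_APP = lambda do |env|
  etag = '"abc123"'
  if env['HTTP_IF_NONE_MATCH'] == etag
    [304, { 'ETag' => etag }, []]
  else
    [200, { 'Content-Type' => 'text/html', 'ETag' => etag }, ['<p>hello</p>']]
  end
end

# Sends the same conditional request to the bare app and to the wrapped app.
def demo
  env = { 'REQUEST_METHOD' => 'GET', 'PATH_INFO' => '/', 'HTTP_IF_NONE_MATCH' => '"abc123"' }
  bare    = SAMPLE_APP.call(env.dup)
  wrapped = P3PWithoutETag.new(SAMPLE_APP).call(env.dup)
  { bare: [bare[0], header_problems(bare[1])],
    wrapped: [wrapped[0], header_problems(wrapped[1])] }
end

p demo if __FILE__ == $PROGRAM_NAME
```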

I hope you are reading this article because you had the same problem we had, and I hope it will help you as it helped us!