Recently we had to mix an old ASP application with DotNetNuke. This was for a members site. Members had to log into the ASP application which created a session variable. This session variable needed to be passed along to all pages within the members site. The members site was a combination of ASP pages in iframes and DotNetNuke pages. During login the session variables were set.

The variables were passed perfectly from page to page within the members site in Firefox and Google Chrome. In IE the users were constantly brought back to the login page saying their login failed. IE was not accepting the session variables.

The reason why this was happening in IE is P3P. I had never heard of this until now. Apparently IE is more restrictive about cookie privacy, and it implements P3P, so you have to explicitly tell it that the cookies from the Iframes ore OK.

P3P information – http://www.w3.org/P3P/

The fix was on every ASP page this code needed to be placed:

Response.AddHeader "p3p","CP=\""IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"""

Thanks to Dan for finding this quirk in IE!