Third Party Cookies are apparently blocked from being used, even with P3P headers set. This can be detrimental to user experience, especially when it comes to advertising. Most third party cookies set are not for "tracking", but for user options, mainly, to confirm that a particular intrusive ad isn't as intrusive, by only being intrusive the first time its seen on any website, not just the first time its seen on a particular website. With third-party cookies blocked, this can be very annoying, specially when the people using Safari happens to be the clients who requested the non-intrusive (but intrusive on first load) functionality. Other browsers: Mozilla Firefox 1.5: allows third party cookies by default Internet Explorer 6 / Windows: blocks without a P3P privacy policy (which is set) Safari: blocked Test Page: http://apps.eyewonderlabs.com/adWdrVideoSpace/ad/5165/approvalJSTags.html A JavaScript alert should pop up with the amount of times that ad has been seen. The cookie is set using industry standard methods of using a 1x1 gif to write it, and is read via a JS file that's written out dynamically.
<rdar://problem/5336248>
This seems to also affect subdomains of a parent domain when set in a frame. It's inconsistent though because it seems to work fine on some domains that I've tried but not others. Here are two examples: http://test2.foks.se (cookie not set) http://test2.almostasbig.com (cookie is set) In both examples, the cookie is set by image.php which just outputs an image.
I believe this is not a WebKit issue, and so this bugs.webkit.org bug should probably be closed. The cookie handling is outside WebKit, in the networking library. Unless there's something the WebKit layer should be doing.
If this bug is about P3P policies (which isn't completely clear to me), then yes, WebKit will need to be modified to apply these.
https://uverse1.att.com/un/launchAMSS.do?target_action=serviceabilityCheck Please try the above URL. It claims that cookies are not enabled, and mine are. (In reply to comment #0) > Third Party Cookies are apparently blocked from being used, even with P3P > headers set. This can be detrimental to user experience, especially when it > comes to advertising. > > Most third party cookies set are not for "tracking", but for user options, > mainly, to confirm that a particular intrusive ad isn't as intrusive, by only > being intrusive the first time its seen on any website, not just the first time > its seen on a particular website. With third-party cookies blocked, this can be > very annoying, specially when the people using Safari happens to be the clients > who requested the non-intrusive (but intrusive on first load) functionality. > > Other browsers: > Mozilla Firefox 1.5: allows third party cookies by default > Internet Explorer 6 / Windows: blocks without a P3P privacy policy (which is > set) > > Safari: blocked > > Test Page: > http://apps.eyewonderlabs.com/adWdrVideoSpace/ad/5165/approvalJSTags.html > > A JavaScript alert should pop up with the amount of times that ad has been > seen. The cookie is set using industry standard methods of using a 1x1 gif to > write it, and is read via a JS file that's written out dynamically. >
Either (or even both) priority and severity should be raised (I am not an empowered user to do such things) because it is a real problem for various contemporary services. Regards, Krystian Nowak
This bug is causing serious problems for some Safari users on a central piece of a site I'm working on. It would be great to get this fixed. Even IE has P3P stuff properly implemented. Embarrassing.
I'm seeing evidence that this bug also causes issues for 3rd party Facebook developers who use iframes, etc. iframes are not the past. They're an important part of the future of the web. Please don't ignore this bug!
7 years since the last comment, it's probably become clear that many priorities of the WebKit project are centered around protecting users from tracking vectors, and 3rd party cookie blocking (in all of its forms) is just the most basic form of this. Legitimate 3rd parties have many avenues to collude with 1st parties that trust them. This bug currently has no substance we intend to act upon.