clarification needed for 3rd party cookies behavior change in Fx4

Skip to first unread message

Jun 16, 2011, 10:45:36 AM6/16/11
I've reproduced this issue with a simple synthetic test, but I'll describe
in terms of the real site where I encountered it.

Verizon wireless (VZW) bill payment site has an iframe which loads The visa page onload, replace navigates (as opposed to
a sub requests) back to VZW. With 3rd party cookies disabled, this
VISA->VZW replacement request sends VZW cookies in Fx 3.6.17, but not in
4.0.1 where the transaction fails.

Why this change? I think Fx3.6 behavior is correct. For a request to be
considered 3rd party, it has to be a subrequest of a 1st party navigation,
but here VZW replaces VISA it's not a sub-request to the VISA request. If
it's to be considered a sub-request at all, it would be of the parent page,
which is VZW, so it's a 1st party sub-request.

Jun 16, 2011, 11:02:12 AM6/16/11
<> wrote in message

Reply all
Reply to author
0 new messages