For original question and discussion, see this StackOverflow post.

Internet Explorer gives lower level of trust to IFRAME pages (IE calls this "third-party" content). If the page inside the IFRAME doesn't have a Privacy Policy, its cookies are blocked (and The Evil Eye appears in the status bar). This is a simple test for such behavior.

We're testing if the session-id cookie gets passed with the submitted form. Just passing a session ID is not enough: we want to pass the same session that we've started on someform.php. (I know this could be passed in GET/POST; for some reason it wasn't feasible in one case.)

Pages involved:

modify behavior