newmoon.wz.cz/page.php

For original question and discussion, see this StackOverflow post.

Internet Explorer gives lower level of trust to IFRAME pages (IE calls this "third-party" content). If the page inside the IFRAME doesn't have a Privacy Policy, its cookies are blocked (and The Evil Eye appears in the status bar). This is a simple test for such behavior.

We're testing if the session-id cookie gets passed with the submitted form. Just passing a session ID is not enough: we want to pass the same session that we've started on someform.php. (I know this could be passed in GET/POST; for some reason it wasn't feasible in one case.)

Pages involved:

• page.php (green/blue, this page you're reading) - resides on a different host than the rest of the pages, just opens an iframe and passes the checkbox state
• someform.php (blue) - starts a cookie-based session, sets $_SESSION['test_pass'] = 'to_second_page';
• process.php (orange) - starts session, checks if it's the same one as previous page
• erase.php (purple) - erases session and cookies, redirects back to someform.php
• set_cookie.php (white) - starts session, sets $_SESSION['var_from_set_cookie'] => yes

modify behavior

Send p3p compact header (this Just Makes It Work^TM)