Previous     Next

How to set third-party cookies with iframe Facebook Applications

So you’ve written your facebook application, and you’ve gone the quick’n'easy route by making it an iframe application. The world is your oyster and any day now you’ll have your millionth user. Until you try to write a cookie.

Cookies written by your application will be treated as Third Party cookies by your browser, and in IE6 with the default privacy setting of ‘Medium’, they will be deleted. This can lead to all sorts of problems, from user settings not being remembered to total app breakdown (which, funnily enough, is what happened to me).

As it turns out, there is a simple solution. If you supply a ‘compact privacy policy’ with your page, then IE will treat the cookies with respect and let them through.

To the code

Just add this to the start of your page (every page where cookies will be written):


HttpContext.Current.Response.AddHeader("p3p", "CP=\""IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\""")




If you liked this, then subscribe to my RSS feed


  1. Rodrigo Geve Aug 2

    Very cool, .. thanks for the help, you’ve saved me a few hours of digging, and that’s always very appreciated!

    I’ve been developing a Web2.0/Ajax/Google Maps project for months now, and I figured, what the heck, let’s deploy a version on facebook. I just hope I don’t run into any major snags, .. using Iframe technique so I should be OK, .. now I have to figure out the whole authentication thing..

    Do you guys code facebook using PHP? Any java developers out there???

  2. Gath Aug 2

    Hi Rodrigo,

    I code using VB.Net - sorry I can’t be of much help.

    Definitely check out the Developer forums on Facebook, there are heaps of PHP developers there. Not sure about java.

    Good luck with your app.


  3. Ken Aug 4

    This fixed it great in IE. However, I am seeing the same problem in Firefox 2. Has anyone experienced this and/or found a fix?

  4. Michael Dec 23

    Hi Gath,

    thanks for the info, found it very useful. I am contemplating building an application myself, but can you advice on how much money these applications do or can actually generate for their owners?

  5. Aaron Jan 25

    Thanks for this. Saved My Day… :)

  6. khim Feb 20

    how can i put this application in my profiles????

  7. Captain Svejk Mar 21

    Thanks for this compact and well-explained solution.

    I have a mail form and php mail script (with “required field” and email validation code) on a separate server to the main site because the host domain has some kind of issues with sending emails out that they can’t or won’t resolve (supanames, uk).

    My cunning plan of including the form in an iframe (and re-populating the form fields via cookies) was thwarted in IE until I discovered this article.

    Nice one.

  8. Pat Jun 26

    I am using a blended application in facebook FBML with …. Your article helped alot… THANK YOU…. Just a note this works in the following ways…
    1. as described.
    2. in a base page in the page load overide
    3. in the master page file
    4.. BUT easier still if you have access to the web server in IIS under IIS manager, right click on the web site go properties, choose the HTTP Headers Tab, Click add, put custom header name as p3p and value as CP=”IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT” including quotes”"..

    then every page will hold this header value..

    Cheers.. P ;)

  1. Copying cookies across domains in ASP.Net