[prev in list] [next in list] [prev in thread] [next in thread] 

List:       www-p3p-dev
Subject:    Re: Flash Cookies - LSO
From:       Rigo Wenning <rigo () w3 ! org>
Date:       2011-07-04 7:18:08
Message-ID: 201107040918.08268.rigo () w3 ! org
[Download RAW message or body]

Dear Ranieri Pires, 

This is not possible in P3P 1.0. The P3P Working Group had identified your 
scenario and had specified this in the P3P 1.1 Specification. 
http://www.w3.org/TR/P3P11/

2.3.2.9.1 OUR-HOST Extension

The OUR-HOST element allows sites to declare hosts that are owned by the 
entity in the associated policy or that are acting as agents of that entity. 
User agents may use this extension to distinguish between such a host and 
actual third-party hosts.

Unfortunately, browsers never supported the P3P 1.1 Specification, so it 
remained a Working Group Note. 

As a consequence, you can't declare a same origin anywhere so far. Browsers 
will assume that example1.org and example2.com are two different things and 
they will apply their security policy to it accordingly. 

Best, 

Rigo Wenning
W3C Legal counsel


On Wednesday 29 June 2011 17:11:01 Ranieri Pires wrote:
> How to save a flash cookie Local Shared Objects (LSO) in 2 domains?
> Example: My SWF is in www.domain1.com, but I need the cookie (LSO) is
> recorded inwww.domain1.com and www.domain2.com. Is there a P3P policy that
> allows this?
> 
> 
> 
> 
> 
> Ranieri
> 

[prev in list] [next in list] [prev in thread] [next in thread]