So, you want to detect browser cookie third party support.
What is third-party cookies
Basically, third-party cookies are cookies that are set by a website other than the one you are currently on. For example, ctomczyk.pl might have a Twitter like button. That button will set a cookie that can be read by Twitter. That would be considered a third-party cookie.
Some browsers (from specific versions), like Firefox and Safari, have this option disabled by default. However, see page “How to enable third-party cookies in your web browser” to get information’s how to enable third-party cookies in some browsers.
Potential options to detect if browser support third-part cookies
How to detect if browser allow to set third-party cookies or not? There is some options.
window.postMessagemethod (cross-origin communication) to check if third-party cookies can be set.
- Use server-side solution.
I prefer server-side solution. The proof of concept is here: http://www.ctomczyk.pl/lab/3rd_party_cookie/feature_detection.html.
How it works?
Basically, I load script file from other domain than site is currently on. In my example it is from domain jscode.info. On server-side I setting the cookie and make a redirect to the server where I read the cookie and echo the script method with result. So, first step is to get script on server side (see method loadJS in source code of above proof of concept URL) that contains PHP (in this case I use PHP on server-side) code:
setcookie('3rdparty_test', true, time() + (60 * 5)); // 1 minute $url = (!empty($_SERVER['HTTPS'])) ? "https://".$_SERVER['SERVER_NAME'].dirname($_SERVER['PHP_SELF']) : "http://".$_SERVER['SERVER_NAME'].dirname($_SERVER['PHP_SELF']); header('p3p: CP="CAO PSA OUR"'); header('Location: ' . $url .'/getresult/testcookie.php'); exit;
and redirect to file where I read the cookie and echo the name of global method which will be called after response from server:
Actually, it works in the same way as JSONP requests. Except that I do one redirect.
Note: IE requires you to set a P3P policy before it will allow third-party frames to set cookies, under the default privacy settings.