Hello Experts,
At the moment we experience an issue with application hosted on SAP Netweaver As Java while using it in the cross domain landscape. The root of the issue is that cookies are not created for the application which is called from the iframe of another web application and located under a different domain outside of SAP Netweaver As Java. Such behavior is caused by the P3P protocol specification, which is applied to the Internet Explorer. IE treats IFrames as higher security risks being ‘foreign’ content and does not allow to create cookies.
This issue happens only on IE browser when the Privacy security level is set to Low and works well in other browsers like chrome, mozilla etc.
On searching and referring many sites,Possible solutions which were figured out:
1.Add the Portal’s domain and the external application’s domain to the trusted sites list in the IE;
2.Apply changes to the code to add special P3P header to HTTP responses, which will allow the IE to collect some user information and create cookie for different domain. Header "P3P" and value CP="CAO PSA OUR". This solution applies security risks that user data can be collected by third party.
The first solution works well. However, it forces all end users to apply the settings of adding the domain to trusted site list which we want to avoid.
Please let me know, if any of you have checked on the 2nd solution suggested (P3P ) implementation on SAP NW Application Server Java/references or Javascript code to add domain to end users IE browser when application is called.
Regards,
Ravi