…so let’s say you have a site, that has two versions, a.throat-punch.com and b.throat-punch.com. And Apache uses a cookie to determine which version you should be viewing, and sends a 302 redirect if you’re on the wrong domain.
Now let’s say you want to access a page on this site from an <iframe> from an external domain, say www.whowantsathroatpunch.com. Stupid IE6 will not send the right cookies in the request headers. In fact, I’m pretty sure it will send no cookies. Why? Because it’s a dick. Every Other Browser does this correctly. It’s not a security issue -it’s not like you’re asking IE6 to send cookies that belong to another domain, or to teach our nation’s children to read or anything. You’re asking the browser for the cookies that have been previously set, and IE6 in its infinite dick-kickery is failing in that basic respect.
What really gets my goat is that, whereas the iframe will not get its cookies, if you make the src of the iframe do an AJAX request to another page on the site, that request will get its cookies sent correctly.
The workaround I found is to give the <iframe> src a new page if the browser is IE6, and on that new page, make an AJAX request to another new page that outputs the value of the cookie you’re looking for. When you receive the AJAX request, you can then parse the response and redircet the user to the now-corrected original <iframe> src. It’s stupid and inefficient, I know:
I’m writing this post solely for google to pick it up, just in case anyone ever is in this position again. So, dude who googled “ie6 cookies iframe 302 throat punch”, this one’s for you.
(thanks to celebdu for the photo)