How to Implement P3P HTTP Headers for cross-site cookies?
Why do I need to implement P3P when using iframes or cross-site cookies?
The point is that if your application runs inside an iframe whose parent page belongs to another domain, cookies will not work in some very common configurations, for example IE 6/7 with privacy set to medium. If cookies don't work, the session won't work, so sessions become useless for your application under Internet Explorer. Check "Privacy in IE 6" for more details.
This is relevant when the domain that hosts the iframe content is different from the parent domain. Because this is not a very common scenario, only a few people are familiar with the solution. It's quite easy: we need to send a P3P header to tell the browser that cookies for the application inside the iframe are OK for user privacy.
If you're using PHP, simply define a header like this:
<?php
// header() must be called before any output is sent to the browser.
header('P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"');
?>
In ASP.NET, it works like this (frankly, I know nothing about ASP.NET; I'm just showing you the solution):
protected void Application_BeginRequest(Object sender, EventArgs e)
{
    // From admon.org
    HttpContext.Current.Response.AddHeader("p3p", "CP=\"CAO PSA OUR\"");
}
Here is a test example written in Chinese; you can read it with Google's translation service.
You can also add this header at the web server level:
For Lighttpd, use the following directives in lighttpd.conf:
server.modules = ("mod_setenv")
# The compact policy is wrapped in escaped double quotes, matching the CP="..." form used in the other examples.
setenv.add-response-header = ( "P3P" => "CP=\"CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR\"")
For the Apache web server, the following directives will do:
# Requires mod_headers. *:80 is a placeholder; use the address and port of your own virtual host.
<VirtualHost *:80>
    Header set P3P 'CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"'
</VirtualHost>
For more details about HTTP/1.1 P3P headers, please check this link at w3.org.
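Whichever of the methods above is used, it is worth confirming that every response that sets a cookie really carries a well-formed P3P header. The following Python check is an added example, not code from the original article; the function names and the sample responses are constructed for illustration, and the token test checks only the shape of each token (three capitals plus an optional a/i/o suffix), not the P3P vocabulary.

```python
import re

# Shape of one compact-policy token: three capitals plus an optional
# a/i/o suffix (as in CURa, PSAo). Shape only, not the P3P vocabulary.
TOKEN_RE = re.compile(r"[A-Z]{3}[aio]?")
CP_RE = re.compile(r"""\bCP\s*=\s*(["'])(.*?)\1""", re.IGNORECASE)


def parse_headers(raw):
    """Return [(lowercased name, value)] from a raw HTTP response head."""
    headers = []
    for line in raw.strip().splitlines()[1:]:  # skip the status line
        if not line.strip():
            break  # blank line ends the header block
        name, _, value = line.partition(":")
        headers.append((name.strip().lower(), value.strip()))
    return headers


def audit_p3p(raw):
    """List problems with the P3P header of one response ([] = none found)."""
    headers = parse_headers(raw)
    p3p = [v for n, v in headers if n == "p3p"]
    if not p3p:
        sets_cookie = any(n == "set-cookie" for n, _ in headers)
        return ["Set-Cookie sent without a P3P header"] if sets_cookie else []
    match = CP_RE.search(p3p[0])
    if not match:
        return ['P3P header carries no CP="..." compact policy']
    findings = []
    if match.group(1) == "'":
        findings.append("CP value is single-quoted; W3C syntax is CP=\"...\"")
    bad = [t for t in match.group(2).split() if not TOKEN_RE.fullmatch(t)]
    if bad:
        findings.append("malformed tokens: " + " ".join(bad))
    return findings


# Constructed sample responses (not captured traffic).
GOOD = ('HTTP/1.1 200 OK\r\nSet-Cookie: PHPSESSID=abc123; path=/\r\n'
        'P3P: CP="CAO PSA OUR"\r\n\r\n<html>')
MISSING = "HTTP/1.1 200 OK\r\nSet-Cookie: PHPSESSID=abc123; path=/\r\n\r\n"
SLOPPY = ("HTTP/1.1 200 OK\r\nSet-Cookie: sid=1\r\n"
          "p3p: CP='CURa ADMa our NOI'\r\n\r\n")

if __name__ == "__main__":
    for name, raw in (("good", GOOD), ("missing", MISSING), ("sloppy", SLOPPY)):
        print(name, audit_p3p(raw))
```

Feed it the response head saved from a request to the page that is loaded inside the iframe; an empty list means the header is present and well-formed on that response.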