
What factors influence IE in determining whether or not to send a cross-domain cookie?

开发者 https://www.devze.com 2023-01-25 08:05 Source: Internet

Working on troubleshooting an interface consumed by 3rd parties. The quick overview:

  • 3rd party sends the user out to our site example.com/login to let the user authenticate with us
  • After signin we redirect the user back to thirdparty.com
  • thirdparty.com consumes a dynamic JS file on our site used to return information about the logged in user example.com/dynamicJs.js
    • Since this request is made against example.com it should include the cookies dropped during login (they are required for it to serve its purpose)
    • for IE, they are no longer being included in the request

In researching:

  • the cookies themselves don't appear to have changed, and manually navigating IE to the URL of dynamicJS.js results in the necessary cookies being transmitted.
  • example.com has P3P policies in place and is not generating any visible warnings/errors with IE
  • other browsers include the cookies

So, what other variables could be influencing IE and resulting in it omitting the example.com cookies when loading example.com/dynamicJS.js?


After much research we identified the root of the issue was within IIS's Custom HTTP Response Headers.

Previously we had configured the site to return a P3P header, but in diagnosing this issue we found that somehow the header was now being returned as 3P. Returning the key to P3P resolved our issue.

In researching the actual cause of this change we found that the bad header originated in the web.config, within the <httpProtocol><customHeaders> element -- however it appeared to have been placed there some time ago and remained dormant until the AppPool was stopped/restarted for maintenance.

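A configuration check for the failure described in the answer above, as an added example that is not part of the original post: it reads the `<customHeaders>` entries from a web.config and reports whether the P3P header is present, missing, or configured under a near-miss name such as `3P`. The function names, the similarity threshold and the sample config (including the placeholder CP value) are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET
from difflib import SequenceMatcher

# Constructed sample: a web.config fragment with the header name mistyped as "3P".
# The CP value is a placeholder, not a real compact policy.
SAMPLE_WEB_CONFIG = """<configuration>
  <system.webServer>
    <httpProtocol>
      <customHeaders>
        <add name="3P" value='CP="PLACEHOLDER"' />
        <add name="X-Content-Type-Options" value="nosniff" />
      </customHeaders>
    </httpProtocol>
  </system.webServer>
</configuration>"""


def effective_custom_headers(web_config_xml):
    """Apply <clear/>, <remove> and <add> in document order; return {name: value}.
    Simplification: <location>-scoped sections are merged into one result."""
    headers = {}
    for section in ET.fromstring(web_config_xml).iter("customHeaders"):
        for node in section:
            name = node.get("name", "")
            if node.tag == "clear":
                headers.clear()
            elif node.tag == "remove":
                headers = {k: v for k, v in headers.items() if k.lower() != name.lower()}
            elif node.tag == "add":
                headers[name] = node.get("value", "")
    return headers


def check_required_header(headers, required="P3P", threshold=0.6):
    """Return ("ok" | "misnamed" | "missing", configured_name_or_None)."""
    def similarity(name):
        return SequenceMatcher(None, name.lower(), required.lower()).ratio()

    for name in headers:
        if name.lower() == required.lower():  # header names are case-insensitive
            return "ok", name
    closest = max(headers, key=similarity, default=None)
    if closest is not None and similarity(closest) >= threshold:
        return "misnamed", closest  # e.g. "3P" configured where "P3P" was intended
    return "missing", None


if __name__ == "__main__":
    print(check_required_header(effective_custom_headers(SAMPLE_WEB_CONFIG)))
```

Running a check like this against the deployed web.config before a planned AppPool restart surfaces a renamed header while the change can still be reviewed.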