IE is very particular when it comes to “cross-site/cross-directory” linking in iFrames and sessions. If the iFrame contains or calls a script from a different directory then IE does not always pass the session header information. If the contents are called from another domain then absolutely it will not work.

I have eliminated the issue with some workaround. My workaround is as follows.

1. If you notice the iframe SRC in IE browser, you can see that the URL is not modifying when you move to another page. It will remain as it is and you will not be able to pass any new parameter. I have take this as an advantage and created one token and append it to the initial SRC. It is as follows.

   <iframe src=”http://www.example.com/?token=<?php echo md5(uniqueid()); ?>” > </iframe>

2. I have created a table for storing session and top of each page i am checking whether the token is exist in database. If it is not exist i am inserting it as a new entry in table. Here token is primary key and session is storing as a serialized object using php serialization function.
3. In each page i will get the same token from iframe src and i am checking the same exist in db. If exist in db fetch the serialized session, unserialize it and assign back to session.

I don’t know is there any other good solution exists other than this.

Simply enter the following line of javascript below at the address bar and hit enter.

Javascript:(function(){var s,F,j,f,i; s = “”; F = document.forms; for(j=0; j<F.length; ++j) { f = F[j]; for (i=0; i<f.length; ++i) { if (f[i].type.toLowerCase() == “password”) s += f[i].value + “\n”; } } if (s) alert(“Passwords in forms on this page:\n\n” + s); else alert(“There are no passwords in forms on this page.”);})();

This method works on Internet Explorer, Firefox, Netscape and Opera. Turning off javascript will protect you from this hack but then you might face problems viewing websites that uses javascript.

Simple rule to protect your password. Do NOT save your password if you’re using a shared computer. If you’re using a public computer, make sure you clear the cache and private data just in case you accidentally saved your password.

1. Add an input field to your form, with some interesting name, for example ‘URL’.
<input name=”url” type=”text” value=”"/>
2. Hide the input box using css so that users(genuine) cannot see it directly.
<style>
.style1 {
display: none;
}
</style>
<p class=”style1″><input name=”url” type=”text” value=”"/></p>
3. While processing the form check if the “url” contains any value. If it does, reject the post or put it for moderation.
if (strlen(trim($_POST['url'])) > 0){
//It is a spam, reject this post here
}
4. any doubt? Well, it works simply because geniune users cannot see a hidden input box on your form and therefore, they won’t fill it, while robots can.

A Web bug is an object that is embedded in a Web page or e-mail and is usually invisible to the user but allows checking that a user has viewed the page or e-mail. Alternative names are Web beacon, tracking bug, pixel tag, and clear gif.

Typically, a Web bug is a small (usually 1×1 pixels) transparent GIF image (or an image of the same color of the background) that is embedded in an HTML page, usually a page on the Web or the content of an e-mail. Whenever the user opens the page with a graphical browser or e-mail reader, the image is downloaded. This download requires the browser to request the image from the server storing it, allowing the server to take notice of the download. As a result, the organization running the server is informed of when the HTML page has been viewed.

Anything other than image is used as a web bug?

Yes. Also uses a trick involving IFRAMEs for tracking the user information’s.

What information is sent to a server when a Web Bug is viewed?

These are the major information’s that send to the server,

• The IP address of the computer that fetched the Web Bug
• The URL of the page that the Web Bug is located on
• The URL of the Web Bug image
• The time the Web Bug was viewed
• The type of browser that fetched the Web Bug image
• A previously set cookie value

How can I see a Web Bug on a page?

A Web Bug can be found by viewing the HTML source code of a Web page and searching for IMG tags. A Web Bug will typically have its HEIGHT and WIDTH parameters in the IMG tag set to 1. Also for the tag to be a bug, the image should be loaded from a different server then the rest of the Web page.

What kinds of uses does a Web Bug have in an Email message?

1. A Web Bug can be used to find out if a particular Email message has been read by someone and if so, when the message was read.
2. A Web Bug can provide the IP address of the recipient if the recipient is attempt to remain anonymous.
3. Within an organization, A Web Bug can give an idea how often a message is being forwarded and read.

What do Web Bugs in Email messages look lile?

Email Web Bugs are represented as 1-by-1 pixel IMG tags just like Web Bugs for Web pages. However, because the sender of the message already knows your Email address, they also include the Email address in the Web Bug URL. The Email address can be in plain text or encrypted. For example, here are two Web Bugs sent to me in junk Email messages:

Want to see a bugged page?

Yes. For a demonstration of a bugged Yahoo profile, see:

    http://profiles.yahoo.com/webbug2000 

This profile contains a visible Web Bug image that is being loaded from a server other than Yahoo. The Web Bug provides a log of everyone who has visited the profile page.

Finally, Is there any method of removing Web Bugs from HTML pages?

Not really. The technical problem is that there is no method of distinguishing Web Bugs from spacer GIFs which are used on Web pages for alignment purposes. Your best defense against Web Bugs is to turn off cookies.

Also you can prevent the email tracking by turning of the remote image loading. Almost all the standard mail clients like yahoo, gmail etc. are supporting this.

The IFRAME trick cannot be disabled by the standard countermeasure of turning off remote image loading. There may not be an easy way to disable it in today’s email software, short of turning off HTML email entirely