  1. #1
    eStudio

    IE 6.0 & Cookies - - UGH!

    Anyone else enjoying issues with IE 6.0 and cookies - framed pages....?

    Any temp fixes/solutions found???

  2. #2
    weirdbeardmt

    Yeh it is the new security policy used by IE6. You will need to advise your users to add your site to their list of trusted sites. Or failing that, tighten up your cookie params.

    Have a look at: http://www.microsoft.com/windows/ie/...ew/privacy.asp

    I swear to drunk I'm not God.
    Matt's debating is not a crime
    Hint: Don't buy a stupid dwarf Clicky

  3. #3
    SitePoint Enthusiast

    There is apparently another alternative out there...

    P3P, or the Platform for Privacy Preferences Project, looks to be the new standard. It consists of XML versions of your privacy policy that can be interpreted by IE 6 to determine whether or not your site conforms to the user's Privacy Standards. You can find the details at http://www.w3.org/P3P/
    The only real problem seems to be that you have to be able to modify your website's HTTP headers, which I don't think most hosts will let you do unless you have a dedicated server. If I am wrong about that someone please correct me.
    The W3C explanation of it all is comprehensive, as I am sure you can imagine, and they even have links to some resources to help you convert your current privacy policy into a machine-readable XML file.
    I haven't really dived in yet, as I am waiting to hear from my host as to whether or not I can modify my website's headers.
    Last edited by ThePigeon; Feb 12, 2002 at 17:57.
    peck! peck! go to heck...
    thepigeon

  4. #4
    SitePoint Member

    IE 6.0 & Cookies

    It's probably a P3P problem. If you look in the bottom of the IE window, next to where the little error icon would show up, there might be another one ... a page with an eye on it ... or perhaps a red circle with a white line.

    Double-click and it will show you what cookies have been blocked.

    P3P is still fairly new ... and IE 6 (and browsers using IE 6's engine) are the only ones to implement it, and they do so by default. One of the "options" is to include all cookies, or block all cookies that do not have a P3P policy attached to them. Until P3P is more widely implemented, just imagine the havoc this will play with third-party stats or link exchanges or the like. :/

    I was reading up on it at work today, since most of our sites (and ours aren't the only ones) depend a lot on cookies.

    There are three ways to include a policy:
    a) in the "well-known place" ... http://domain.com/w3c/p3p.xml
    That only works if you have access to the root domain.
    b) in the meta tags ... the ease of that depends on if you manipulate meta tags at the server level or just in the pages themselves.
    c) as a <link .... > tag in the html file's head area.

    Options b & c allow you to have the policy files where you want or can get to.

    There's a lot more involved ... the policy files have to be well-formed XML ... they suggest for cookies, you also have "compact policies" as meta-type tags in the html files ... etc.

    But the whole premise is to define what information the site collects and how it is going to be used, so that users can decide if they want to give you information or not.

    I'm still reading through the specification, so I'm not going to go into much more detail, 'sides, that would make for a book of a post.

    There are editors out to create base policy files, links to them can be found on the W3's site. I've looked at two already. Will have to look at them again after reading the specs. They might make more sense then.

    Should a section be started for P3P?
    ---------------------------------------------------
    "Philosophy will clip an angel's wings."
    By John Keats
    ---------------------------------------------------

  5. #5
    freakysid

    Hi - yes I have had major problems with IE6 and cookies. I am obviously doing something wrong. I will post more about it tomorrow because I need some help. Right now it is Sunday, and I am too lazy.

    But, I just wanted to post saying that AFAIK, IE6 is not using the full P3P XML policy for its implementation, but rather the compact P3P policy which you either send in your headers or embed in a META tag.

    Well, in order to generate this mystical compact P3P policy, I used IBM's P3P generator tool which generates an XML P3P policy, a plain English HTML version and the compact P3P policy for use in your headers. But obviously I am still doing something wrong with my cookies. Most users have no problems with my cookies. It's just the odd <1% who tell me that no matter how low they set their security settings, my cookies are not being accepted. Blah.

    http://www.alphaworks.ibm.com/tech/p3peditor

    But in any case, my understanding is that if you are setting a cookie that expires at the end of the current session, and that is from the same domain as the requested page, then under normal security settings IE6 is going to accept the cookie without needing any accompanying compact P3P policy.

  6. #6
    SitePoint Member

    Thanks. :)

    Thanks, FreakySid.

    I looked at IBM's P3PEditor ... but as I hadn't read anything yet, I found it confusing. Like I said, I'll have to go look again when I'm done with the spec.

    A couple of the sites we do give users the option of letting cookies expire at the end of the session, or saving the cookies, so this will be/is an issue for us.

    And thanks for the note about the compact policies. I haven't read up on MS's description yet of what they are supporting of P3P, but that's going on the reading list. But that can wait until I'm not ready to pass out.

  7. #7
    SitePoint Member

    oh ...

    I have found some discussion about P3P in another forum, but nothing more than general discussions about it, and so far, nothing more recent than last August. If anyone was interested...

    http://www.webmasterworld.com/forum21/788.htm

  8. #8
    holmescreek

    Ethical Question

    Since a site was correctly developed in the past, using the current standards at the time, should the client be charged to add P3P implementation to their existing site?


    Creating the policy file seems straightforward, however, I'm still having trouble with a site accessing an ssl connection through a frame that uses cookies.

    It seems with the validator at http://www.w3.org/P3P/validator.html

    Whenever I put in something like:

    https://ssl3.webex.net/westernerinc/ that the validator strips the /westernerinc/ and cannot find my policy file. Any suggestions?

    Btw, I'm calling a PERL/CGI using an ssl connection through the frame.
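
An added example, not part of any post in this thread: a Python check that inspects one response's headers for the compact policy (the `CP` field of the `P3P` header) mentioned in the thread, and derives the root-level well-known policy location, which does not depend on the page's path. The host name, cookie and policy tokens are constructed sample values, and the function names are illustrative.

```python
import re
from urllib.parse import urlsplit

# Well-known location named in the thread: /w3c/p3p.xml at the site root.
WELL_KNOWN_PATH = "/w3c/p3p.xml"

def well_known_policy_url(page_url):
    """Root-level policy reference location for the host serving page_url."""
    parts = urlsplit(page_url)
    return f"{parts.scheme}://{parts.netloc}{WELL_KNOWN_PATH}"

def parse_p3p_header(value):
    """Split a P3P header into its policyref URI and compact-policy tokens."""
    pairs = re.findall(r'(\w+)\s*=\s*"([^"]*)"', value)
    fields = {key.lower(): val for key, val in pairs}
    return {"policyref": fields.get("policyref"),
            "cp": fields.get("cp", "").split()}

def audit_response(page_url, headers):
    """headers: list of (name, value) pairs from one HTTP response."""
    p3p = {"policyref": None, "cp": []}
    cookies = []
    for name, value in headers:
        if name.lower() == "p3p":
            p3p = parse_p3p_header(value)
        elif name.lower() == "set-cookie":
            attrs = [a.strip().lower() for a in value.split(";")[1:]]
            # A cookie with an expiry outlives the session (persistent).
            persistent = any(a.startswith(("expires=", "max-age=")) for a in attrs)
            cookies.append((value.split("=", 1)[0].strip(), persistent))
    findings = []
    for cookie_name, persistent in cookies:
        if not p3p["cp"]:
            kind = "persistent" if persistent else "session"
            findings.append(f"{kind} cookie '{cookie_name}' sent without a compact policy")
    return {"well_known": well_known_policy_url(page_url),
            "policyref": p3p["policyref"], "cp_tokens": p3p["cp"],
            "findings": findings}

# Constructed sample responses (host, cookie and CP tokens are placeholders).
FRAMED = [("Content-Type", "text/html"),
          ("Set-Cookie", "sid=abc123; path=/; expires=Wed, 12 Feb 2003 17:57:00 GMT")]
WITH_CP = FRAMED + [("P3P", 'policyref="/w3c/p3p.xml", CP="NOI DSP COR NID"')]

if __name__ == "__main__":
    for hdrs in (FRAMED, WITH_CP):
        print(audit_response("https://shop.example.com/account/", hdrs))
```
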

