- From: beheer <beheer@willywortel.nl>
- Date: Fri, 5 Apr 2002 19:05:27 +0200
- To: <www-p3p-dev@w3c.org>
Hi, >In order to prevent IE6 from blocking third-party cookies you >must have a "satisfactory" P3P compact policy in the >same HTTP response that contains the set-cookie headers. Right. So what any third party cookiebakery could do now is send an "innocent" header like P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM" and their cookies will be accepted no matter what the privacy settings. The relevance of this possibility should be discussed in some other forum I guess, but from a technical point of view it seems a bit fluffy to me. In the mean time it still seems strange that if a MSIE 6 user decides to accept all cookies from a certain domain the browser does not seem to adjust it's privacy settings. That too is a concern for some other list - and for some other company -, I guess. Cheers, Marko [ PHP-developers: http://www.php.net/manual/en/function.setcookie.php ]
Received on Friday, 5 April 2002 12:04:26 UTC