W3C home > Mailing lists > Public > www-p3p-dev@w3.org > April 2002

Re: no cookies at 3rd party

From: beheer <beheer@willywortel.nl>
Date: Fri, 5 Apr 2002 19:05:27 +0200
Message-Id: <200204051905.AA3735702@willywortel.nl>
To: <www-p3p-dev@w3c.org>
Hi,

>In order to prevent IE6 from blocking third-party cookies you
>must have a "satisfactory" P3P compact policy in the
>same HTTP response that contains the set-cookie headers.

Right. So what any third party cookiebakery could do now is send an "innocent" header like P3P: CP="NOI ADM DEV PSAi COM
NAV OUR OTRo STP IND DEM" and their cookies will be accepted no matter what the privacy settings.
The relevance of this possibility should be discussed in some other forum I guess, but from a technical point of view it
seems a bit fluffy to me.

In the mean time it still seems strange that if a MSIE 6 user decides to accept all cookies from a certain domain the
browser does not seem to adjust it's privacy settings. That too is a concern for some other list - and for some other
company -, I guess.

Cheers,

Marko

[ PHP-developers: http://www.php.net/manual/en/function.setcookie.php ]
Received on Friday, 5 April 2002 12:04:26 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 18 June 2010 00:12:47 GMT