W3C home > Mailing lists > Public > www-p3p-dev@w3.org > June 2002

Re: [Moderator Action] 3rd party cookies again

From: Lorrie Cranor <lorrie@research.att.com>
Date: Mon, 3 Jun 2002 10:02:07 -0400
Message-ID: <00f701c20b07$49066e30$9816cf87@barbaloot>
To: <jeff@customerparadigm.com>, "Rigo Wenning" <rigo@w3.org>, "Smith" <dirwlf@hotmail.com>
Cc: <www-p3p-dev@w3.org>

I'm pretty sure the problem in this case is a missing comma.
Here is the P3P header:

P3P: policyref="/w3c/p3p.xml" CP="NON DSP COR PSDa OUR NOR UNI"

A comma is needed after the policyref, before the CP

Lorrie


----- Original Message -----
From: "Jeff Finkelstein" <jeff@customerparadigm.com>
To: "Rigo Wenning" <rigo@w3.org>; "Smith" <dirwlf@hotmail.com>
Cc: <www-p3p-dev@w3.org>
Sent: Monday, June 03, 2002 10:00 AM
Subject: RE: [Moderator Action] 3rd party cookies again


>
> Microsoft's IE 6.0 Browser has a built-in P3P privacy policy reader.  It
> treats third party (different domains than the one displayed in the
address
> bar) as sites that are trying to build a profile -- like a third party
> advertising server company.  If you are using cookies from a frameset on
> your third party site, your cookies (shopping carts, state management,
> tracking systems, etc) will be blocked if you do not have a P3P privacy
and
> a compact privacy policy.
>
> Most likely your issue is a cache issue...  When testing, make sure that
you
> completely clear your cache --
> Tools --> Internet Options --> Delete Files --> Check 'Delete All Offline
> Content' --> Hit Okay.
>
> Depending on when you last cleared your cache, this may take some time.
>
>
> Hope this helps,
>
> Jeff
>
>
> Jeff Finkelstein
> Customer Paradigm
> mailto:jeff@customerparadigm.com
> 303.473.4400 x 11
>
> Read my latest article, "45% of U.S. Population Has Email. Is Your
Business
> Ready?"
> http://www.customerparadigm.com/article.htm
>
>
>
>
> -----Original Message-----
> From: www-p3p-dev-request@w3.org [mailto:www-p3p-dev-request@w3.org]On
> Behalf Of Rigo Wenning
> Sent: Monday, June 03, 2002 7:43 AM
> To: Smith
> Cc: www-p3p-dev@w3.org
> Subject: Re: [Moderator Action] 3rd party cookies again
>
>
>
> Do you send this header already with the set-cookie-event? That's the
> time IE6 is evaluating your policy. For more info on IE6 look at
> http://msdn.microsoft.com/library/en-us/dnpriv/html/ie6privacyfeature.asp
>
> So if your cookie is set without P3P-header, IE6 will block it. Try
> that. If it doesn't work, you might want to consider different data
> collection practices..
>
> Best,
> --
> Rigo Wenning            W3C/INRIA
> Policy Analyst          Privacy Activity Lead
> mail:rigo@w3.org        2004, Routes des Lucioles
> http://www.w3.org/      F-06902 Sophia Antipolis
>
>
> On Thu, May 30, 2002 at 06:22:22PM -0400, Smith wrote:
> > OK, I have looked and looked but I have seen no good solutions. I have a
> compact policy in my header:
> >
> > P3P: policyref="/w3c/p3p.xml" CP="NON DSP COR PSDa OUR NOR UNI"
> >
> > I have a site that uses my site inside a frameset so our cookies are
> coming through as 3rd party. I have my brower set on medium (default) and
it
> will not let me navigate the site. The w3c validator gives me no errors at
> all. What exactly do I have to do to get IE6 to let session cookies come
> from my site through someone else's frameset?
> >
> > Trying.
>
>
>
>
Received on Monday, 3 June 2002 10:13:28 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 18 June 2010 00:12:47 GMT