W3C home > Mailing lists > Public > www-p3p-dev@w3.org > October 2003

Re: IE 6 on Windows XP Pro - Randomly Blocking Cookies

From: Rigo Wenning <rigo@w3.org>
Date: Fri, 31 Oct 2003 14:17:52 +0100
To: www-p3p-dev@w3.org
Message-ID: <20031031131752.GD967@rigo.w3.org>

On Thu, Oct 30, 2003 at 12:59:41PM -0600, Ralf Scharnowski wrote:
> I'm having difficulties with IE 6 randomly blocking cookies on my
> website, http://bargainbookstores.com <http://bargainbookstores.com/> .
> 
> This issue only appears to exist with Windows XP Pro and IE 6 w/ privacy
> set to medium or higher.  My site uses an apache server running a Miva
> Merchant shopping cart.  My static pages (index.htm, etc) do not
> generate or use cookies.  Miva Merchant does use cookies to link
> specific customers to their basket contents.

In those settings, IE only allows direct cookies. In higher settings, IE
blocks more cookies. As you closed the store for maintenance I can't
see, why things are randomly blocked.
> 
> The cookie blocking symbol often appears when opening the index page
> (www.bargainbookstores.com <http://www.bargainbookstores.com/>  or
> bargainbookstores.com) and indicates that it is blocking cookies for all
> my page link graphic files.  

I have seen only one cookie for the main page. Depending on the settings
in IE, this is blocked or not blocked but shouldn't be random.
> 
> The problem links stay within my domain (example:
> http://bargainbookstores.com/Merchant2/merchant.mv?Screen=SFNT
> <http://bargainbookstores.com/Merchant2/merchant.mv?Screen=SFNT&Store_Co
> de=bbs> &Store_Code=bbs  or http://bargainbookstores.com/au.htm)
> 
I tried, but it was closed for maintenance. So I can't help you
debugging. Without P3P compact implementation, you might run into
trouble as other browswers than IE implement also P3P. 
>  
> 
> I'm concerned about this issue because some customers are having trouble
> checking out and others are seeing the "do not enter" symbol at the
> bottom of IE 6.  I fear that this will chase away some customers.

That's the impact of P3P. Be privacy friendly to bind your customers.
> 
> I don't have a P3P in place but have noticed that the majority of other
> ecommerce sites don't either and I don't see the same problem occurring
> with those sites.  

Already 30% of the top 100 and over 20% of top 500 sites have
implemented P3P.
> 
> Does anyone have an idea as to what is causing this?
> 
Implement reasonable privacy practices, show them in P3P and implement
on your site and you get less trouble. 
>  
> 
> I would like to put a P3P in place but I am unable to do so because my
> host (Interland.com) refuses to add the proper line of code to the
> Apache server, furthermore, Miva Merchant refuses to accept the P3P CP
> data from Apache if correctly configured.   Any Ideas on working around
> this problem?

You can use the link-tag on your pages, so you don't need to change the
server configuration. Please see the Specification for more details. You
just add a link-tag like 
<link rel="P3Pv1" href="URI"> while URI is the location of the policy
reference file. 

There is a way to do headers with meta-tags in the pages too:

<meta http-equiv="P3P" content='CP="YOUR_CP" policyref="YOUR_REF_URI"'>
In this case you wouldn't need the link-tag.

But compare the thread under 
http://lists.w3.org/Archives/Public/www-p3p-policy/2001Oct/0007.html

Don't forget to test with the validator.

Best, 
-- 
Rigo Wenning            W3C/ERCIM
Policy Analyst          Privacy Activity Lead
mail:rigo@w3.org        2004, Routes des Lucioles
http://www.w3.org/      F-06902 Sophia Antipolis
Received on Friday, 31 October 2003 08:26:50 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 18 June 2010 00:12:47 GMT