W3C home > Mailing lists > Public > www-p3p-policy@w3.org > February 2002

Reading cookies as a 3rd party.

From: Kim Hahn <KHahn@digitalimpact.com>
Date: Tue, 19 Feb 2002 18:35:19 -0800
Message-ID: <D09EEBE0D49B4748B8276F91C3C3FA65051F6BD3@DIEXGSM1.digitalimpact.com>
To: "'www-p3p-policy@w3.org'" <www-p3p-policy@w3.org>
Hello, 

I have two applications, one that sets a persistant 1st party cookie, and
another which later reads the cookie with sensing code sitting on an
external client page. The sensing code never tries to set the cookie, just
reads it.

The setting application has PRF, P3P and written policies hosted, and sends
the correct compact policy header. The reading application has no privacy
compliancy (we are doing a phased implementation where we we reconfigure the
setting apps first). The calling application also sits in a nested virtual
directory on our IIS5 servers.

On the client page I am getting what seems to be inconsistant behavior - the
cookie is read and processed by the sensor code, but IE6 displays a privacy
alert and the privacy report says the cookie is blocked. How can the cookie
be blocked if it's being read? I tried moving the calling app out of the
nested virtual directory into the one above and the privacy alert
dissappeared. 

I'm at a loss. Do you have any suggestions as to what's going on? 

Kim
Received on Tuesday, 19 February 2002 21:36:00 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 17 January 2012 12:13:10 GMT