W3C home > Mailing lists > Public > www-p3p-policy@w3.org > October 2002

Re: IE6, cookies

From: Jeffrey Reichenberg <jreichenberg@modeln.com>
Date: Thu, 17 Oct 2002 13:02:09 -0700
Message-ID: <8BA189D7820EB64FB7726038DA9250D711123A@mail.modeln.com>
To: "'www-p3p-policy@w3.org'" <www-p3p-policy@w3.org>

Has anyone heard of IE6 SP1 ignoring its own stated privacy settings when
served from Apache Tomcat?  Specifically, Microsoft states that IE6 will
ALLOW ALL COOKIES within a "local intranet" zone.  This is not the case in
our configuration.  IE6 SP1 blocks our Tomcat JSESSIONId session cookie,
stating that no p3p policy is place -- even when the "zone" is indicated as
"Local Intranet".

We've tried all kind of things to no avail:  IE6 will block the cookie even
if we set privacy preferences to "Accept All Cookies", AND even if we add a
compact policy and full policy reference (*.xml) in the HTTP header.  The
problem is evident when running off both our Linux and Windows servers.
Needless to say, this occurs when we access the servers over the Internet,
but NOT when we access a windows server locally using "http://localhost:..."

It's very strange because one of our development web servers (a linux box)
does not suffer from this problem.  All of our development servers use
Tomcat 3.2.3 and serve JSPs -- we can't see any significant difference
between the one that causes IE6 to allow cookies and those that don't.  They
run identical Java code.  Any ideas?

Thanks!

- Jeff Reichenberg

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Jeff Reichenberg	
Model N, Inc.
http://www.modeln.com/
phone: 650-808-8239
fax: 650-808-8399
email: jreichenberg@modeln.com
Received on Thursday, 17 October 2002 16:03:26 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 17 January 2012 12:13:10 GMT