W3C home > Mailing lists > Public > www-p3p-policy@w3.org > March 2003

Re: Strange Policy Problem

From: Lorrie Cranor <lorrie@research.att.com>
Date: Wed, 5 Mar 2003 10:59:06 -0500
Cc: <www-p3p-policy@w3.org>
To: "Carter St.Clair" <carter@codeinfusion.com>
Message-Id: <649EF705-4F23-11D7-B067-000393DC889A@research.att.com>

Do you have a test URL where I can see what happens with the framing? 
The URL you sent doesn't involve any frames.

Also, can you confirm that the cookie in question is a session cookie? 
If so, I don't understand why it would be blocked at all except 
possibly on the high setting. Did you confirm that the cookie being 
blocked is the cookie you care about? Maybe there is a cookie stored in 
your browser that gets sent back with the https frame that has nothing 
to do with what you are trying to test?

Sometimes it is also useful to test with Netscape 7 to track down these 
sorts of problems because you can get more detailed cookie information.


On Wednesday, March 5, 2003, at 10:30  AM, Carter St.Clair wrote:

> Hi Lorrie,
> The cookie is blocked when you create a test HTML file and then frame 
> the
> https URL in it, and view it from a webserver.  If I frame the https 
> URL in
> a standard HTML page and view it from my hard drive, there is no 
> problem.
> But when I upload the page to a webserver, and then request the page, 
> the
> framed https URL shows a blocked cookie in the IE6 privacy report.  
> When I
> change the framed URL to http (instead of https), no cookie is blocked.
> Any ideas?
> -Carter St.Clair
>  http://codeinfusion.com
>  http://p3pedit.com
> ----- Original Message -----
> From: "Lorrie Cranor" <lorrie@research.att.com>
> To: "Carter St.Clair" <carter@codeinfusion.com>
> Cc: <www-p3p-policy@w3.org>
> Sent: Wednesday, March 05, 2003 9:40 AM
> Subject: Re: Strange Policy Problem
>> I just took a look and I don't see cookies being blocked with either
>> URL. I see one session cookie being set. Under the default setting in
>> IE6 session cookies are never blocked.
>> How do you know your cookie is being blocked? Because you see a red 
>> eye
>> in IE6 or because your application is not functioning properly? If it
>> is the red eye you are seeing, click on it and see whether the cookie
>> being blocked is the cookie you think it is. You may want to try
>> removing your cookies and restarting your browser. If the problem is
>> that your application is not functioning properly but you don't
>> actually see the red eye, than the IE6 cookie blocking is unlikely to
>> be the culprit.
>> Lorrie
>> On Tuesday, March 4, 2003, at 03:46  PM, Carter St.Clair wrote:
>>> Here's a strange one for me - I've got a client who's website has a
>>> valid
>>> P3P policy and compact policy.  When framing his URL using SSL, the
>>> cookie
>>> is blocked in IE6:
>>> https://seodirector.com/seotracking/
>>> record_order.asp?strSource=null&intTrack
>>> ingID=null&intOrderTotal=1&intOrderID=WB
>>> But when framing the same site without SSL, the cookie is not 
>>> blocked:
>>> http://seodirector.com/seotracking/
>>> record_order.asp?strSource=null&intTracki
>>> ngID=null&intOrderTotal=1&intOrderID=WB
>>> Any idea why SSL is causing IE6 to block this cookie?  Both 
>>> referenced
>>> URLs
>>> have valid compact policies that are acceptable by IE6, and the http
>>> one
>>> works fine.
>>> Thanks for any input,
>>> -Carter St.Clair
>>>  http://codeinfusion.com
>>>  http://p3pedit.com
Received on Wednesday, 5 March 2003 10:58:07 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 20:01:08 UTC