W3C home > Mailing lists > Public > www-p3p-policy@w3.org > March 2003

Re: Strange Policy Problem

From: Lorrie Cranor <lorrie@research.att.com>
Date: Wed, 5 Mar 2003 11:48:58 -0500
Cc: <www-p3p-policy@w3.org>
To: "Carter St.Clair" <carter@codeinfusion.com>
Message-Id: <5C6C0203-4F2A-11D7-B067-000393DC889A@research.att.com>


On Wednesday, March 5, 2003, at 11:24  AM, Carter St.Clair wrote:

> I'm waiting to hear back about whether it is a session cookie or not.  
> But,
> to see example of this, you can go to www.wbranch.com, click on "Get 
> Info",
> fill out form and you should see the privacy report on the thank you 
> page.

I tried it but I don't see any cookie blocking. I also tried to view 
the privacy report on the thank you page and it did not come up. 
wbranch.com does not appear to be P3P enabled. The privacy report also 
did not list any cookies at all.

Lorrie



>
> This is very strange - I've helped many people solve cookie problems 
> with
> P3P, but this one has me stumped.
>
> Thanks,
>
> -Carter St.Clair
>  http://codeinfusion.com
>  http://p3pedit.com
>
>
> ----- Original Message -----
> From: "Lorrie Cranor" <lorrie@research.att.com>
> To: "Carter St.Clair" <carter@codeinfusion.com>
> Cc: <www-p3p-policy@w3.org>
> Sent: Wednesday, March 05, 2003 10:59 AM
> Subject: Re: Strange Policy Problem
>
>
>> Do you have a test URL where I can see what happens with the framing?
>> The URL you sent doesn't involve any frames.
>>
>> Also, can you confirm that the cookie in question is a session cookie?
>> If so, I don't understand why it would be blocked at all except
>> possibly on the high setting. Did you confirm that the cookie being
>> blocked is the cookie you care about? Maybe there is a cookie stored 
>> in
>> your browser that gets sent back with the https frame that has nothing
>> to do with what you are trying to test?
>>
>> Sometimes it is also useful to test with Netscape 7 to track down 
>> these
>> sorts of problems because you can get more detailed cookie 
>> information.
>>
>> Lorrie
>>
>>
>> On Wednesday, March 5, 2003, at 10:30  AM, Carter St.Clair wrote:
>>
>>> Hi Lorrie,
>>> The cookie is blocked when you create a test HTML file and then frame
>>> the
>>> https URL in it, and view it from a webserver.  If I frame the https
>>> URL in
>>> a standard HTML page and view it from my hard drive, there is no
>>> problem.
>>> But when I upload the page to a webserver, and then request the page,
>>> the
>>> framed https URL shows a blocked cookie in the IE6 privacy report.
>>> When I
>>> change the framed URL to http (instead of https), no cookie is 
>>> blocked.
>>>
>>> Any ideas?
>>>
>>> -Carter St.Clair
>>>  http://codeinfusion.com
>>>  http://p3pedit.com
>>>
>>>
>>> ----- Original Message -----
>>> From: "Lorrie Cranor" <lorrie@research.att.com>
>>> To: "Carter St.Clair" <carter@codeinfusion.com>
>>> Cc: <www-p3p-policy@w3.org>
>>> Sent: Wednesday, March 05, 2003 9:40 AM
>>> Subject: Re: Strange Policy Problem
>>>
>>>
>>>> I just took a look and I don't see cookies being blocked with either
>>>> URL. I see one session cookie being set. Under the default setting 
>>>> in
>>>> IE6 session cookies are never blocked.
>>>>
>>>> How do you know your cookie is being blocked? Because you see a red
>>>> eye
>>>> in IE6 or because your application is not functioning properly? If 
>>>> it
>>>> is the red eye you are seeing, click on it and see whether the 
>>>> cookie
>>>> being blocked is the cookie you think it is. You may want to try
>>>> removing your cookies and restarting your browser. If the problem is
>>>> that your application is not functioning properly but you don't
>>>> actually see the red eye, than the IE6 cookie blocking is unlikely 
>>>> to
>>>> be the culprit.
>>>>
>>>> Lorrie
>>>>
>>>>
>>>> On Tuesday, March 4, 2003, at 03:46  PM, Carter St.Clair wrote:
>>>>
>>>>>
>>>>> Here's a strange one for me - I've got a client who's website has a
>>>>> valid
>>>>> P3P policy and compact policy.  When framing his URL using SSL, the
>>>>> cookie
>>>>> is blocked in IE6:
>>>>>
>>>>> https://seodirector.com/seotracking/
>>>>> record_order.asp?strSource=null&intTrack
>>>>> ingID=null&intOrderTotal=1&intOrderID=WB
>>>>>
>>>>> But when framing the same site without SSL, the cookie is not
>>>>> blocked:
>>>>>
>>>>> http://seodirector.com/seotracking/
>>>>> record_order.asp?strSource=null&intTracki
>>>>> ngID=null&intOrderTotal=1&intOrderID=WB
>>>>>
>>>>> Any idea why SSL is causing IE6 to block this cookie?  Both
>>>>> referenced
>>>>> URLs
>>>>> have valid compact policies that are acceptable by IE6, and the 
>>>>> http
>>>>> one
>>>>> works fine.
>>>>>
>>>>> Thanks for any input,
>>>>>
>>>>> -Carter St.Clair
>>>>>  http://codeinfusion.com
>>>>>  http://p3pedit.com
>>>>>
>>>>>
>>>
>
Received on Wednesday, 5 March 2003 11:48:01 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 17 January 2012 12:13:10 GMT