W3C home > Mailing lists > Public > www-p3p-policy@w3.org > March 2003

Re: Strange Policy Problem

From: Carter St.Clair <carter@codeinfusion.com>
Date: Wed, 5 Mar 2003 12:56:53 -0500
Message-ID: <001601c2e340$9c6ebbb0$0101a8c0@carter>
To: "Lorrie Cranor" <lorrie@research.att.com>
Cc: <www-p3p-policy@w3.org>, <koike_4@mmp.cl.nec.co.jp>

OK,
This came down to an issue with the compact policy that I didn't notice, and
the P3P validator missed as well.  I'll CC: Yuichi on this so that he can
note it on the validator front page.

The client had formatted his compact policy as such:
P3P:NOI DSP COR NID CUR OUR NOR

Instead of the correct way:
P3P:CP="NOI DSP COR NID CUR OUR NOR"

Hopefully this will help someone with a similar problem in the future.

-Carter St.Clair
 http://codeinfusion.com
 http://p3pedit.com


----- Original Message -----
From: "Lorrie Cranor" <lorrie@research.att.com>
To: "Carter St.Clair" <carter@codeinfusion.com>
Cc: <www-p3p-policy@w3.org>
Sent: Wednesday, March 05, 2003 11:48 AM
Subject: Re: Strange Policy Problem


>
> On Wednesday, March 5, 2003, at 11:24  AM, Carter St.Clair wrote:
>
> > I'm waiting to hear back about whether it is a session cookie or not.
> > But,
> > to see example of this, you can go to www.wbranch.com, click on "Get
> > Info",
> > fill out form and you should see the privacy report on the thank you
> > page.
>
> I tried it but I don't see any cookie blocking. I also tried to view
> the privacy report on the thank you page and it did not come up.
> wbranch.com does not appear to be P3P enabled. The privacy report also
> did not list any cookies at all.
>
> Lorrie
>
>
>
> >
> > This is very strange - I've helped many people solve cookie problems
> > with
> > P3P, but this one has me stumped.
> >
> > Thanks,
> >
> > -Carter St.Clair
> >  http://codeinfusion.com
> >  http://p3pedit.com
> >
> >
> > ----- Original Message -----
> > From: "Lorrie Cranor" <lorrie@research.att.com>
> > To: "Carter St.Clair" <carter@codeinfusion.com>
> > Cc: <www-p3p-policy@w3.org>
> > Sent: Wednesday, March 05, 2003 10:59 AM
> > Subject: Re: Strange Policy Problem
> >
> >
> >> Do you have a test URL where I can see what happens with the framing?
> >> The URL you sent doesn't involve any frames.
> >>
> >> Also, can you confirm that the cookie in question is a session cookie?
> >> If so, I don't understand why it would be blocked at all except
> >> possibly on the high setting. Did you confirm that the cookie being
> >> blocked is the cookie you care about? Maybe there is a cookie stored
> >> in
> >> your browser that gets sent back with the https frame that has nothing
> >> to do with what you are trying to test?
> >>
> >> Sometimes it is also useful to test with Netscape 7 to track down
> >> these
> >> sorts of problems because you can get more detailed cookie
> >> information.
> >>
> >> Lorrie
> >>
> >>
> >> On Wednesday, March 5, 2003, at 10:30  AM, Carter St.Clair wrote:
> >>
> >>> Hi Lorrie,
> >>> The cookie is blocked when you create a test HTML file and then frame
> >>> the
> >>> https URL in it, and view it from a webserver.  If I frame the https
> >>> URL in
> >>> a standard HTML page and view it from my hard drive, there is no
> >>> problem.
> >>> But when I upload the page to a webserver, and then request the page,
> >>> the
> >>> framed https URL shows a blocked cookie in the IE6 privacy report.
> >>> When I
> >>> change the framed URL to http (instead of https), no cookie is
> >>> blocked.
> >>>
> >>> Any ideas?
> >>>
> >>> -Carter St.Clair
> >>>  http://codeinfusion.com
> >>>  http://p3pedit.com
> >>>
> >>>
> >>> ----- Original Message -----
> >>> From: "Lorrie Cranor" <lorrie@research.att.com>
> >>> To: "Carter St.Clair" <carter@codeinfusion.com>
> >>> Cc: <www-p3p-policy@w3.org>
> >>> Sent: Wednesday, March 05, 2003 9:40 AM
> >>> Subject: Re: Strange Policy Problem
> >>>
> >>>
> >>>> I just took a look and I don't see cookies being blocked with either
> >>>> URL. I see one session cookie being set. Under the default setting
> >>>> in
> >>>> IE6 session cookies are never blocked.
> >>>>
> >>>> How do you know your cookie is being blocked? Because you see a red
> >>>> eye
> >>>> in IE6 or because your application is not functioning properly? If
> >>>> it
> >>>> is the red eye you are seeing, click on it and see whether the
> >>>> cookie
> >>>> being blocked is the cookie you think it is. You may want to try
> >>>> removing your cookies and restarting your browser. If the problem is
> >>>> that your application is not functioning properly but you don't
> >>>> actually see the red eye, than the IE6 cookie blocking is unlikely
> >>>> to
> >>>> be the culprit.
> >>>>
> >>>> Lorrie
> >>>>
> >>>>
> >>>> On Tuesday, March 4, 2003, at 03:46  PM, Carter St.Clair wrote:
> >>>>
> >>>>>
> >>>>> Here's a strange one for me - I've got a client who's website has a
> >>>>> valid
> >>>>> P3P policy and compact policy.  When framing his URL using SSL, the
> >>>>> cookie
> >>>>> is blocked in IE6:
> >>>>>
> >>>>> https://seodirector.com/seotracking/
> >>>>> record_order.asp?strSource=null&intTrack
> >>>>> ingID=null&intOrderTotal=1&intOrderID=WB
> >>>>>
> >>>>> But when framing the same site without SSL, the cookie is not
> >>>>> blocked:
> >>>>>
> >>>>> http://seodirector.com/seotracking/
> >>>>> record_order.asp?strSource=null&intTracki
> >>>>> ngID=null&intOrderTotal=1&intOrderID=WB
> >>>>>
> >>>>> Any idea why SSL is causing IE6 to block this cookie?  Both
> >>>>> referenced
> >>>>> URLs
> >>>>> have valid compact policies that are acceptable by IE6, and the
> >>>>> http
> >>>>> one
> >>>>> works fine.
> >>>>>
> >>>>> Thanks for any input,
> >>>>>
> >>>>> -Carter St.Clair
> >>>>>  http://codeinfusion.com
> >>>>>  http://p3pedit.com
> >>>>>
> >>>>>
> >>>
> >
Received on Wednesday, 5 March 2003 12:56:56 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 17 January 2012 12:13:10 GMT