W3C home > Mailing lists > Public > www-p3p-policy@w3.org > November 2003

Re: Major problem with P3P

From: Rigo Wenning <rigo@w3.org>
Date: Sun, 16 Nov 2003 14:50:52 +0100
To: Kevin Day <kevin@riskebiz.com>
Cc: www-p3p-policy@w3.org
Message-ID: <20031116135052.GC727@rigo.w3.org>

The default caching time of P3P is 24 hours. You can even set it higher.
If someone altered the security settings in IE to see wether it runs
even in high-mode or something, the cookie gets blocked and IE remembers
that decision for at least 24 hours. 

Look into the IE documentation to see how to switch off or use the TST
(Test) token before going live.

Also note, that you have to have a full policy. Compact format alone is
not sufficient and "make IE happy" headers are legally dangerous. 

Rigo Wenning            W3C/ERCIM
Policy Analyst          Privacy Activity Lead
mail:rigo@w3.org        2004, Routes des Lucioles
http://www.w3.org/      F-06902 Sophia Antipolis

On Sun, Nov 16, 2003 at 02:42:16AM -0800, Kevin Day wrote:
> We have a site that uses third party cookies in frames.  IE 6 was blocking
> the login, so we set up P3P.  At first it did not work, but then I read a
> post about including the CP code in the header and then it worked perfectly
> for a couple of hours.  Then all of the sudden it stopped working, and now
> cookies can no longer be used on any web page at this domain, regardless of
> security settings and browser, and this is a serious problem for us.  I have
> no idea what could cause this, can you help?
> Kevin
Received on Sunday, 16 November 2003 08:51:30 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 20:01:09 UTC