W3C home > Mailing lists > Public > www-p3p-policy@w3.org > November 2003

Re: Major problem with P3P

From: Lorrie Cranor <lorrie@research.att.com>
Date: Sun, 16 Nov 2003 09:46:13 -0500
Cc: Kevin Day <kevin@riskebiz.com>, www-p3p-policy@w3.org
To: Rigo Wenning <rigo@w3.org>
Message-Id: <A007735E-1843-11D8-B97E-000393DC889A@research.att.com>

This article provides more info about the interaction between P3P, 
cookies, and IE6:


On Sunday, November 16, 2003, at 08:50  AM, Rigo Wenning wrote:

> The default caching time of P3P is 24 hours. You can even set it 
> higher.
> If someone altered the security settings in IE to see wether it runs
> even in high-mode or something, the cookie gets blocked and IE 
> remembers
> that decision for at least 24 hours.
> Look into the IE documentation to see how to switch off or use the TST
> (Test) token before going live.
> Also note, that you have to have a full policy. Compact format alone is
> not sufficient and "make IE happy" headers are legally dangerous.
> Best,
> -- 
> Rigo Wenning            W3C/ERCIM
> Policy Analyst          Privacy Activity Lead
> mail:rigo@w3.org        2004, Routes des Lucioles
> http://www.w3.org/      F-06902 Sophia Antipolis
> On Sun, Nov 16, 2003 at 02:42:16AM -0800, Kevin Day wrote:
>> We have a site that uses third party cookies in frames.  IE 6 was 
>> blocking
>> the login, so we set up P3P.  At first it did not work, but then I 
>> read a
>> post about including the CP code in the header and then it worked 
>> perfectly
>> for a couple of hours.  Then all of the sudden it stopped working, 
>> and now
>> cookies can no longer be used on any web page at this domain, 
>> regardless of
>> security settings and browser, and this is a serious problem for us.  
>> I have
>> no idea what could cause this, can you help?
>> Kevin
Received on Sunday, 16 November 2003 09:46:16 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 20:01:09 UTC