RE: Policy Expiration Date and Cookie Expiration from Jeff Finkelstein on 2003-10-29 (www-p3p-policy@w3.org from October 2003)

From: Jeff Finkelstein <jeff@customerparadigm.com>
Date: Wed, 29 Oct 2003 11:40:30 -0700
To: "Www-P3p-Policy@W3. Org" <www-p3p-policy@w3.org>
Message-ID: <GDEHKLKCMFEMBPJCPEIAOEKIEGAA.jeff@customerparadigm.com>

Megan--

You *do* have to set an expiration date for a cookie in order for it to work
properly and not have problems with the user's browser caching content.

I'd recommend perhaps setting the cookie to use a relative lifetime value of
one hour; this way you can overwrite the values.  The only drawback: if the
user leaves the page open in question for more than an hour, the cookie may
be blocked after the 1 hour session expires.  Test this out... and perhaps
extend it to one day...

hope this helps,

-- jeff


Jeff Finkelstein
Customer Paradigm
mailto:jeff@customerparadigm.com
303.473.4400 x 11


Read our latest case study:
Customer Paradigm Boosts Trade Show, Convention Business to Denver by 20%
http://www.customerparadigm.com/denver-trade-show-case-study.htm

.................................................
Free Newsletter: http://www.customerparadigm.com/newsletter.htm
Email Marketing: http://www.customerparadigm.com/email/index.htm
Privacy Consulting: http://www.customerparadigm.com/privacyconsulting.htm
.................................................

This email powered by Friendly Wind Power
Click Here: http://www.CustomerParadigm.com/wind.htm



-----Original Message-----
From: www-p3p-policy-request@w3.org
[mailto:www-p3p-policy-request@w3.org]On Behalf Of Megan Cross
Sent: Wednesday, October 29, 2003 11:30 AM
To: www-p3p-policy@w3.org
Subject: Policy Expiration Date and Cookie Expiration



We are trying to implement a P3P policy, and we have some questions about
the expiration dates on cookies.

Given the following situation:
We set a cookie on 11/01/2003 that expires in 1 year.   We want to have a
shorter expiration date on our privacy policy so that we can change it if
necessary, and we overwrite the cookie with every page hit.

Do we still need to set the expiration date on the policy to be as long as
the cookie expiration date?  I read somewhere that as long as we reset the
cookie each time, this is not necessary.

Many thanks for any assistance on this.

Megan Cross

Received on Wednesday, 29 October 2003 13:40:20 UTC