RE: [Moderator Action] 3rd party cookies again from Jeff Finkelstein on 2002-06-03 (www-p3p-dev@w3.org from June 2002)

From: Jeff Finkelstein <jeff@customerparadigm.com>
Date: Mon, 3 Jun 2002 08:00:19 -0600
To: "Rigo Wenning" <rigo@w3.org>, "Smith" <dirwlf@hotmail.com>
Cc: <www-p3p-dev@w3.org>
Message-ID: <LLEIJMNOCMGCCNFMEJPGIEMPCMAA.jeff@customerparadigm.com>

Microsoft's IE 6.0 Browser has a built-in P3P privacy policy reader.  It
treats third party (different domains than the one displayed in the address
bar) as sites that are trying to build a profile -- like a third party
advertising server company.  If you are using cookies from a frameset on
your third party site, your cookies (shopping carts, state management,
tracking systems, etc) will be blocked if you do not have a P3P privacy and
a compact privacy policy.

Most likely your issue is a cache issue...  When testing, make sure that you
completely clear your cache --
Tools --> Internet Options --> Delete Files --> Check 'Delete All Offline
Content' --> Hit Okay.

Depending on when you last cleared your cache, this may take some time.

Hope this helps,

Jeff

Jeff Finkelstein
Customer Paradigm
mailto:jeff@customerparadigm.com
303.473.4400 x 11

Read my latest article, "45% of U.S. Population Has Email. Is Your Business
Ready?"
http://www.customerparadigm.com/article.htm

-----Original Message-----
From: www-p3p-dev-request@w3.org [mailto:www-p3p-dev-request@w3.org]On
Behalf Of Rigo Wenning
Sent: Monday, June 03, 2002 7:43 AM
To: Smith
Cc: www-p3p-dev@w3.org
Subject: Re: [Moderator Action] 3rd party cookies again

Do you send this header already with the set-cookie-event? That's the
time IE6 is evaluating your policy. For more info on IE6 look at
http://msdn.microsoft.com/library/en-us/dnpriv/html/ie6privacyfeature.asp

So if your cookie is set without P3P-header, IE6 will block it. Try
that. If it doesn't work, you might want to consider different data
collection practices..

Best,
--
Rigo Wenning            W3C/INRIA
Policy Analyst          Privacy Activity Lead
mail:rigo@w3.org        2004, Routes des Lucioles
http://www.w3.org/      F-06902 Sophia Antipolis

On Thu, May 30, 2002 at 06:22:22PM -0400, Smith wrote:
> OK, I have looked and looked but I have seen no good solutions. I have a
compact policy in my header:
>
> P3P: policyref="/w3c/p3p.xml" CP="NON DSP COR PSDa OUR NOR UNI"
>
> I have a site that uses my site inside a frameset so our cookies are
coming through as 3rd party. I have my brower set on medium (default) and it
will not let me navigate the site. The w3c validator gives me no errors at
all. What exactly do I have to do to get IE6 to let session cookies come
from my site through someone else's frameset?
>
> Trying.

Received on Monday, 3 June 2002 10:02:43 UTC