- From: Lorrie Cranor <lorrie@research.att.com>
- Date: Mon, 17 Dec 2001 09:21:35 -0500
- To: <www-p3p-policy@w3.org>
Jess and I have been discusing this problem and have discovered that his server is not including the CP on every request. In particular it is not sending the CP on requests to a URL that contains a & character. In the process of figuring this out, we found a bug in the W3C validator that was causing the header checker to omit the parts of a URL after the & character. This has since been fixed. Remember & is a special character that may need to be escaped in your configuration files -- the escape code is %3F If you want to verify that your server is really sending the CP, use the P3P validator http://www.w3.org/P3P/validator/ and pay attention to the output it gives for "step 2" -- if it doesn't say anything about a CP, your server isn't sending the header. Lorrie ----- Original Message ----- From: "Speicher, Kevin" <Kevin.Speicher@globeinteractive.com> To: <www-p3p-policy@w3.org> Cc: <jesso2000@earthlink.net> Sent: Monday, December 17, 2001 8:19 AM Subject: RE: 3rd-party cookies not working > Jess: > > We've noticed that some releases (non-beta) of IE 6 behave differently than > others with respect to our third party context cookie. > > It may not be your cookie, it may be your browser that's causing your > grief. > > ________________ > Kevin Speicher > Director of News Special Projects > Bell Globemedia Interactive > > > -----Original Message----- > From: jesso2000@earthlink.net [mailto:jesso2000@earthlink.net] > Sent: December 14, 2001 07:34 PM > To: www-p3p-policy@w3.org > Subject: 3rd-party cookies not working > > > Well, after literally a week of research and testing I still can't get IE6 > to read our cookies in a 3rd-party setting - it continually blocks them > in the default medium setting. We are sending our CP in all headers, > all the tools we've tried such as http://www.davidjonathangrant.info/p3p/ > say that everything we're doing is correct, etc. etc. but the cookies > just can't be read in a 3rd-party setting at the default medium level. > > What I really don't understand is that according to IE6 there are only > 2 circumstances in which a 3rd-party cookie will be blocked in the > default medium setting. And I quote: > > Medium > > - Blocks third-party cookies that do not have a compact privacy policy > > - Blocks third-party cookies that use personally identifiable information > without your implicit consent. > > The thing that kills is that neither of these cases is true, so why would > IE6 be blocking our cookies? We do have a compact privacy policy with > the correct CP header being sent with all requests, and it states that we > do not use personally identifiable information, so how the heck can IE6 > block our cookies? Is anyone successfully using 3rd-party cookies that > actually work properly in the default medium setting? If so I would give > my first born for the details. Is this a bug in IE6 or am I missing > something? > > Thanks, > > Jess > >
Received on Monday, 17 December 2001 09:22:04 UTC