RE: Reading cookies as a 3rd party. from Kim Hahn on 2002-02-20 (www-p3p-policy@w3.org from February 2002)

From: Kim Hahn <KHahn@digitalimpact.com>
Date: Wed, 20 Feb 2002 15:01:57 -0800
To: "'Lorrie Cranor'" <lorrie@research.att.com>, www-p3p-policy@w3.org
Message-ID: <D09EEBE0D49B4748B8276F91C3C3FA65051F6BDD@DIEXGSM1.digitalimpact.com>

The first suggestion was almost correct. The client page was reading one
cookie and trying to set a session state cookie. 

Big thanks for the help!
Kim

-----Original Message-----
From: Lorrie Cranor [mailto:lorrie@research.att.com]
Sent: Tuesday, February 19, 2002 7:47 PM
To: Kim Hahn; www-p3p-policy@w3.org
Subject: Re: Reading cookies as a 3rd party.


This question is hard to answer without knowing more
about how you are setting and reading the cookie.
One possible problem is that  on the client page your
browser is actually trying to replay two cookies -- the
one you are testing and some other one that you
set previously (and that previous cookie is the
one getting blocked). Another possible problem
is that the cookie may sometimes be replayed in
a first party context and sometimes in a thirdparty
context.

Lorrie


------ Original Message -----
From: "Kim Hahn" <KHahn@digitalimpact.com>
To: <www-p3p-policy@w3.org>
Sent: Tuesday, February 19, 2002 9:35 PM
Subject: Reading cookies as a 3rd party.


> Hello,
>
> I have two applications, one that sets a persistant 1st party cookie, and
> another which later reads the cookie with sensing code sitting on an
> external client page. The sensing code never tries to set the cookie, just
> reads it.
>
> The setting application has PRF, P3P and written policies hosted, and
sends
> the correct compact policy header. The reading application has no privacy
> compliancy (we are doing a phased implementation where we we reconfigure
the
> setting apps first). The calling application also sits in a nested virtual
> directory on our IIS5 servers.
>
> On the client page I am getting what seems to be inconsistant behavior -
the
> cookie is read and processed by the sensor code, but IE6 displays a
privacy
> alert and the privacy report says the cookie is blocked. How can the
cookie
> be blocked if it's being read? I tried moving the calling app out of the
> nested virtual directory into the one above and the privacy alert
> dissappeared.
>
> I'm at a loss. Do you have any suggestions as to what's going on?
>
> Kim
>
>

Received on Wednesday, 20 February 2002 18:02:52 UTC