- From: Lorrie Cranor <lorrie@research.att.com>
- Date: Thu, 7 Nov 2002 23:53:37 -0500
- To: <rayliu@btinternet.com>, <www-p3p-policy@w3.org>
> I just launched a new corporate website recently which consists of a different site (or domain) embedded in a frame. This third party site uses cookies and hence the whole third party cookie problem kicks in in IE6 blocking the user from logging on properly to our service. > > The website in question is www.universal-salvage.com > It embeds www.universal-auctions.co.uk (the site with the cookies in frames > > Ive spent a week looking at various documentation and implementing out p3p using the IBM editor. Question I wanted to ask is: > > Do I need to implement p3p on both of the domains? So far I have only specified it on the third-party site which is embedded in a frame on the main site. I have used the p3p validator tool to validate my policy is correct but it still doesnt allow the cookies to work properly from the main site. You do not need to P3P-enabled the main site to avoid cookie blocking, although it is a good idea and would allow users to view a privacy report for your site, so I do recommend it. The most likely reason that your cookies are getting blocked is that you are not sending P3P compact policies with your cookies. The IBM generator can generate compact policies for you. Lorrie -- Lorrie Faith Cranor - http://lorrie.cranor.org/ P3P Specification Working Group Chair - http://www.w3.org/p3p/ New book: Web Privacy with P3P - http://p3pbook.com/
Received on Thursday, 7 November 2002 23:56:35 UTC