Re: Strange Policy Problem from Carter St.Clair on 2003-03-05 (www-p3p-policy@w3.org from March 2003)

From: Carter St.Clair <carter@codeinfusion.com>
Date: Wed, 5 Mar 2003 10:30:41 -0500
To: "Lorrie Cranor" <lorrie@research.att.com>
Cc: <www-p3p-policy@w3.org>
Message-ID: <003b01c2e32c$2f7750d0$0101a8c0@carter>

Hi Lorrie,
The cookie is blocked when you create a test HTML file and then frame the
https URL in it, and view it from a webserver.  If I frame the https URL in
a standard HTML page and view it from my hard drive, there is no problem.
But when I upload the page to a webserver, and then request the page, the
framed https URL shows a blocked cookie in the IE6 privacy report.  When I
change the framed URL to http (instead of https), no cookie is blocked.

Any ideas?

-Carter St.Clair
 http://codeinfusion.com
 http://p3pedit.com


----- Original Message -----
From: "Lorrie Cranor" <lorrie@research.att.com>
To: "Carter St.Clair" <carter@codeinfusion.com>
Cc: <www-p3p-policy@w3.org>
Sent: Wednesday, March 05, 2003 9:40 AM
Subject: Re: Strange Policy Problem


> I just took a look and I don't see cookies being blocked with either
> URL. I see one session cookie being set. Under the default setting in
> IE6 session cookies are never blocked.
>
> How do you know your cookie is being blocked? Because you see a red eye
> in IE6 or because your application is not functioning properly? If it
> is the red eye you are seeing, click on it and see whether the cookie
> being blocked is the cookie you think it is. You may want to try
> removing your cookies and restarting your browser. If the problem is
> that your application is not functioning properly but you don't
> actually see the red eye, than the IE6 cookie blocking is unlikely to
> be the culprit.
>
> Lorrie
>
>
> On Tuesday, March 4, 2003, at 03:46  PM, Carter St.Clair wrote:
>
> >
> > Here's a strange one for me - I've got a client who's website has a
> > valid
> > P3P policy and compact policy.  When framing his URL using SSL, the
> > cookie
> > is blocked in IE6:
> >
> > https://seodirector.com/seotracking/
> > record_order.asp?strSource=null&intTrack
> > ingID=null&intOrderTotal=1&intOrderID=WB
> >
> > But when framing the same site without SSL, the cookie is not blocked:
> >
> > http://seodirector.com/seotracking/
> > record_order.asp?strSource=null&intTracki
> > ngID=null&intOrderTotal=1&intOrderID=WB
> >
> > Any idea why SSL is causing IE6 to block this cookie?  Both referenced
> > URLs
> > have valid compact policies that are acceptable by IE6, and the http
> > one
> > works fine.
> >
> > Thanks for any input,
> >
> > -Carter St.Clair
> >  http://codeinfusion.com
> >  http://p3pedit.com
> >
> >

Received on Wednesday, 5 March 2003 10:30:41 UTC