- From: Carter St.Clair <carter@codeinfusion.com>
- Date: Wed, 5 Mar 2003 12:56:53 -0500
- To: "Lorrie Cranor" <lorrie@research.att.com>
- Cc: <www-p3p-policy@w3.org>, <koike_4@mmp.cl.nec.co.jp>
OK, This came down to an issue with the compact policy that I didn't notice, and the P3P validator missed as well. I'll CC: Yuichi on this so that he can note it on the validator front page. The client had formatted his compact policy as such: P3P:NOI DSP COR NID CUR OUR NOR Instead of the correct way: P3P:CP="NOI DSP COR NID CUR OUR NOR" Hopefully this will help someone with a similar problem in the future. -Carter St.Clair http://codeinfusion.com http://p3pedit.com ----- Original Message ----- From: "Lorrie Cranor" <lorrie@research.att.com> To: "Carter St.Clair" <carter@codeinfusion.com> Cc: <www-p3p-policy@w3.org> Sent: Wednesday, March 05, 2003 11:48 AM Subject: Re: Strange Policy Problem > > On Wednesday, March 5, 2003, at 11:24 AM, Carter St.Clair wrote: > > > I'm waiting to hear back about whether it is a session cookie or not. > > But, > > to see example of this, you can go to www.wbranch.com, click on "Get > > Info", > > fill out form and you should see the privacy report on the thank you > > page. > > I tried it but I don't see any cookie blocking. I also tried to view > the privacy report on the thank you page and it did not come up. > wbranch.com does not appear to be P3P enabled. The privacy report also > did not list any cookies at all. > > Lorrie > > > > > > > This is very strange - I've helped many people solve cookie problems > > with > > P3P, but this one has me stumped. > > > > Thanks, > > > > -Carter St.Clair > > http://codeinfusion.com > > http://p3pedit.com > > > > > > ----- Original Message ----- > > From: "Lorrie Cranor" <lorrie@research.att.com> > > To: "Carter St.Clair" <carter@codeinfusion.com> > > Cc: <www-p3p-policy@w3.org> > > Sent: Wednesday, March 05, 2003 10:59 AM > > Subject: Re: Strange Policy Problem > > > > > >> Do you have a test URL where I can see what happens with the framing? > >> The URL you sent doesn't involve any frames. > >> > >> Also, can you confirm that the cookie in question is a session cookie? > >> If so, I don't understand why it would be blocked at all except > >> possibly on the high setting. Did you confirm that the cookie being > >> blocked is the cookie you care about? Maybe there is a cookie stored > >> in > >> your browser that gets sent back with the https frame that has nothing > >> to do with what you are trying to test? > >> > >> Sometimes it is also useful to test with Netscape 7 to track down > >> these > >> sorts of problems because you can get more detailed cookie > >> information. > >> > >> Lorrie > >> > >> > >> On Wednesday, March 5, 2003, at 10:30 AM, Carter St.Clair wrote: > >> > >>> Hi Lorrie, > >>> The cookie is blocked when you create a test HTML file and then frame > >>> the > >>> https URL in it, and view it from a webserver. If I frame the https > >>> URL in > >>> a standard HTML page and view it from my hard drive, there is no > >>> problem. > >>> But when I upload the page to a webserver, and then request the page, > >>> the > >>> framed https URL shows a blocked cookie in the IE6 privacy report. > >>> When I > >>> change the framed URL to http (instead of https), no cookie is > >>> blocked. > >>> > >>> Any ideas? > >>> > >>> -Carter St.Clair > >>> http://codeinfusion.com > >>> http://p3pedit.com > >>> > >>> > >>> ----- Original Message ----- > >>> From: "Lorrie Cranor" <lorrie@research.att.com> > >>> To: "Carter St.Clair" <carter@codeinfusion.com> > >>> Cc: <www-p3p-policy@w3.org> > >>> Sent: Wednesday, March 05, 2003 9:40 AM > >>> Subject: Re: Strange Policy Problem > >>> > >>> > >>>> I just took a look and I don't see cookies being blocked with either > >>>> URL. I see one session cookie being set. Under the default setting > >>>> in > >>>> IE6 session cookies are never blocked. > >>>> > >>>> How do you know your cookie is being blocked? Because you see a red > >>>> eye > >>>> in IE6 or because your application is not functioning properly? If > >>>> it > >>>> is the red eye you are seeing, click on it and see whether the > >>>> cookie > >>>> being blocked is the cookie you think it is. You may want to try > >>>> removing your cookies and restarting your browser. If the problem is > >>>> that your application is not functioning properly but you don't > >>>> actually see the red eye, than the IE6 cookie blocking is unlikely > >>>> to > >>>> be the culprit. > >>>> > >>>> Lorrie > >>>> > >>>> > >>>> On Tuesday, March 4, 2003, at 03:46 PM, Carter St.Clair wrote: > >>>> > >>>>> > >>>>> Here's a strange one for me - I've got a client who's website has a > >>>>> valid > >>>>> P3P policy and compact policy. When framing his URL using SSL, the > >>>>> cookie > >>>>> is blocked in IE6: > >>>>> > >>>>> https://seodirector.com/seotracking/ > >>>>> record_order.asp?strSource=null&intTrack > >>>>> ingID=null&intOrderTotal=1&intOrderID=WB > >>>>> > >>>>> But when framing the same site without SSL, the cookie is not > >>>>> blocked: > >>>>> > >>>>> http://seodirector.com/seotracking/ > >>>>> record_order.asp?strSource=null&intTracki > >>>>> ngID=null&intOrderTotal=1&intOrderID=WB > >>>>> > >>>>> Any idea why SSL is causing IE6 to block this cookie? Both > >>>>> referenced > >>>>> URLs > >>>>> have valid compact policies that are acceptable by IE6, and the > >>>>> http > >>>>> one > >>>>> works fine. > >>>>> > >>>>> Thanks for any input, > >>>>> > >>>>> -Carter St.Clair > >>>>> http://codeinfusion.com > >>>>> http://p3pedit.com > >>>>> > >>>>> > >>> > >
Received on Wednesday, 5 March 2003 12:56:56 UTC