- From: Lorrie Cranor <lorrie@research.att.com>
- Date: Sun, 16 Nov 2003 09:46:13 -0500
- To: Rigo Wenning <rigo@w3.org>
- Cc: Kevin Day <kevin@riskebiz.com>, www-p3p-policy@w3.org
This article provides more info about the interaction between P3P, cookies, and IE6: http://www.oreillynet.com/pub/a/javascript/2002/10/04/p3p.html Lorrie On Sunday, November 16, 2003, at 08:50 AM, Rigo Wenning wrote: > > The default caching time of P3P is 24 hours. You can even set it > higher. > If someone altered the security settings in IE to see wether it runs > even in high-mode or something, the cookie gets blocked and IE > remembers > that decision for at least 24 hours. > > Look into the IE documentation to see how to switch off or use the TST > (Test) token before going live. > > Also note, that you have to have a full policy. Compact format alone is > not sufficient and "make IE happy" headers are legally dangerous. > > Best, > -- > Rigo Wenning W3C/ERCIM > Policy Analyst Privacy Activity Lead > mail:rigo@w3.org 2004, Routes des Lucioles > http://www.w3.org/ F-06902 Sophia Antipolis > > On Sun, Nov 16, 2003 at 02:42:16AM -0800, Kevin Day wrote: >> >> We have a site that uses third party cookies in frames. IE 6 was >> blocking >> the login, so we set up P3P. At first it did not work, but then I >> read a >> post about including the CP code in the header and then it worked >> perfectly >> for a couple of hours. Then all of the sudden it stopped working, >> and now >> cookies can no longer be used on any web page at this domain, >> regardless of >> security settings and browser, and this is a serious problem for us. >> I have >> no idea what could cause this, can you help? >> >> Kevin >
Received on Sunday, 16 November 2003 09:46:16 UTC