Archived

This topic is now archived and is closed to further replies.

WayfarerX

OT: P3P (IE 6 and Privacy Policies)

Recommended Posts

Sorry for being off-topic guys, this is my last resort before using one of my company''s covetted MSDN Tech Support Certificates. Basicly, I''ve got website A that runs the Endowment Association for a state college. This site is hosted at the college. Then we have site B which is a sub-section of site A. Site B is the part of the site that accepts online donations for the college. My company hosts site B due to the fact that the college does not have an SSL Certificate. Site B is loaded inside a frameset hosted on site A (so the URL in the browser appears the same as site A''s). The problem arises from the fact that site B needs to store cookies on the user''s browser to track session information. This all works fine in every browser EXCEPT IE 6. IE 6 has supports a new "feature" called P3P. A P3P is a Privacy Policy encoded into an XML file and placed on the website. IE 6''s default settings require that "3rd-party" requests (requests that come from a domain other than the one in the address bar) provide a P3P to be able to store cookies on the client''s browser. Okay, so I spend the last 2 days learing about this P3P stuff. I''ve got the XML file built, I''ve got everything set up as Microsoft says I should. IE finds the P3P and parses it, but the damn thing still won''t accept cookies. I figure at max about 1% of the visitors to this site will have any idea what I''m talking about, but if any of those 1% have had similar problems and know of any specific tips or gotchas, I would be endlessly appriciative. Thanks. PS: No flames about how this whole setup is a kludge...I know. I didn''t build the site, I just have to maintain it. The author is sitting on the beach in Florida drinking Vodka while I sit here and deal with his issues...*sigh*. "So crucify the ego, before it''s far too late. To leave behind this place so negative and blind and cynical, and you will come to find that we are all one mind. Capable of all that''s imagined and all conceivable." - Tool ------------------------------

Share this post


Link to post
Share on other sites
Well, I guess 1% is a little optimisitic huh? Well if anyone cares I got the problem solved.

I guess this makes it obvious why I want to get into game programming though .

"So crucify the ego, before it''s far too late. To leave behind this place so negative and blind and cynical, and you will come to find that we are all one mind. Capable of all that''s imagined and all conceivable."
- Tool
------------------------------

Share this post


Link to post
Share on other sites
Wow, I didn't think anyone cared (I certainly wish I didn't have to ).

Well, as I said I had successfully linked the page to the external P3P file, but the cookies were still getting blocked. So after a conversation with a very nice & helpful MS employee, I found out that I _also_ had to set a HTTP header on the response that contained a Compact P3P policy. The compact policy is the same thing as the XML policy, except it's only a string of 3 or 4 character long codes that describe the policy. Example:

NON CURa ADMa DEVa OUR NOR IND COM NAV STA

Fun huh? Why you have to include 2 different versions of the same policy I don't know.

The odd thing is that this does make IE accept the cookie, but it still tells the user it's getting rejected. But the damn thing works and the clients are no longer breathing down our necks, so yeah.

On a side note I'd like to say that this is the first time I've used MS developer support and I was very impressed. Getting through the first couple of operators was slightly annoying, but when I got on the phone with the actual tech he was very nice and receptive. He even called me back today to make sure the problem had been solved, so kudos to those guys.

If anyone is interested, I did find a sweet program by IBM that allows you to create the policy files in a GUI environment.

"So crucify the ego, before it's far too late. To leave behind this place so negative and blind and cynical, and you will come to find that we are all one mind. Capable of all that's imagined and all conceivable."
- Tool
------------------------------


Edited by - wayfarerx on January 4, 2002 3:36:16 PM

Share this post


Link to post
Share on other sites