Re: P3P and IE 6

This WebDNA talk-list message is from

2004


It keeps the original formatting.
numero = 60603
interpreted = N
texte = Gary Krockover wrote: > Seemed like a major headache, a summary of how to resolve the problem > would be great, if it wouldn't be too much trouble. > > Gary In fact it was a bit of a headache. ;-). ABOUT: P3P is a policy that is checked by some browsers and enforced by some of those browsers (mostly IE 6 at this time). The policy is checked in either the compact policy form or the XML form (either is acceptable). Since we have the use of [MIMEHEADERS] its much cleaner to use the MIMEheader (compact) form. This is the form that John gave us an example of. The policy also can contain a human readable policy but it doesn't seem to be strictly enforced at this time (how can it be? ;-). The P3P policy points to it. I am pretty sure that those who set cookies will run into this in some fashion at some point. Especially if the cookie is somewhat intragal to the site... unless MS gets enough complaints to where they lessen the dependency of IE 6 on P3P. ;-) THE POLICY: The "policy" really should be "policy's" in its purest form. This is because each page may have different function and content and the policy for a single page should match its content. However, one can get by with a single policy in many circomstances. The policy is made up of Groups. Basically, the idea is to have as little of GROUPS as necessary to get an approved policy (IMHO). This is because, the more groups you have, the more rules there are to be aware of. Be warey that, when creating your policy (I used IBM's free java app), that your policy should represent, fairly accurately, what your site (page) does and contains. Note that if you have a required transaction group, or if you've defined any peramiters that specify collecting sensitive information, you'll probably be required to have a secure certificate in order to be able access those pages (in IE 6) that use the cookie. --Evil vibes towards MS -- We were permitted to set the cookie, but, upon redirect and attempting to grab the cookie value, we were not permitted to go any farther without a secure cert in place (probably because we specified a transaction group within the policy). OTHER: During the search for the fix, I found many other language forums who were having issues with this as well. CF, PHP etc.. Many issues were stated for (previously working log in systems). Many stabs at a fix were not really on the right track ;-). The P3P Spec at www.w3.org and IBM's free P3P tool is a good place to start. Anyway, hope this helps someone. :-) One last thought, Since Sitebuilder (and Storebuilder) don't use cookies by default, those sites may not have to worry too much about it... at this time anyway. Happy Holidays, Donovan -- =o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o DONOVAN D. BROOKE Eucalyptus Design <-Web Development (specializing in eCommerce), -> <- Graphic Design, Custom Tags and Labels -> ADDRESS:> Donovan Brooke DBA Eucalyptus Design N2862 Summerville Park Rd. Lodi, WI 53555 PH:> 1.608.592.3567 Web:> http://www.euca.us =o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o ------------------------------------------------------------- This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to Web Archive of this list is at: http://webdna.smithmicro.com/ Associated Messages, from the most recent to the oldest:

    
  1. Re: P3P and IE 6 ( Donovan Brooke 2004)
  2. Re: P3P and IE 6 ( Alan White 2004)
  3. Re: P3P and IE 6 ( Gary Krockover 2004)
  4. Re: P3P and IE 6 ( Alan White 2004)
  5. Re: P3P and IE 6 ( Gary Krockover 2004)
  6. P3P and IE 6 ( Donovan Brooke 2004)
Gary Krockover wrote: > Seemed like a major headache, a summary of how to resolve the problem > would be great, if it wouldn't be too much trouble. > > Gary In fact it was a bit of a headache. ;-). ABOUT: P3P is a policy that is checked by some browsers and enforced by some of those browsers (mostly IE 6 at this time). The policy is checked in either the compact policy form or the XML form (either is acceptable). Since we have the use of [MIMEHEADERS] its much cleaner to use the MIMEheader (compact) form. This is the form that John gave us an example of. The policy also can contain a human readable policy but it doesn't seem to be strictly enforced at this time (how can it be? ;-). The P3P policy points to it. I am pretty sure that those who set cookies will run into this in some fashion at some point. Especially if the cookie is somewhat intragal to the site... unless MS gets enough complaints to where they lessen the dependency of IE 6 on P3P. ;-) THE POLICY: The "policy" really should be "policy's" in its purest form. This is because each page may have different function and content and the policy for a single page should match its content. However, one can get by with a single policy in many circomstances. The policy is made up of Groups. Basically, the idea is to have as little of GROUPS as necessary to get an approved policy (IMHO). This is because, the more groups you have, the more rules there are to be aware of. Be warey that, when creating your policy (I used IBM's free java app), that your policy should represent, fairly accurately, what your site (page) does and contains. Note that if you have a required transaction group, or if you've defined any peramiters that specify collecting sensitive information, you'll probably be required to have a secure certificate in order to be able access those pages (in IE 6) that use the cookie. --Evil vibes towards MS -- We were permitted to set the cookie, but, upon redirect and attempting to grab the cookie value, we were not permitted to go any farther without a secure cert in place (probably because we specified a transaction group within the policy). OTHER: During the search for the fix, I found many other language forums who were having issues with this as well. CF, PHP etc.. Many issues were stated for (previously working log in systems). Many stabs at a fix were not really on the right track ;-). The P3P Spec at www.w3.org and IBM's free P3P tool is a good place to start. Anyway, hope this helps someone. :-) One last thought, Since Sitebuilder (and Storebuilder) don't use cookies by default, those sites may not have to worry too much about it... at this time anyway. Happy Holidays, Donovan -- =o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o DONOVAN D. BROOKE Eucalyptus Design <-Web Development (specializing in eCommerce), -> <- Graphic Design, Custom Tags and Labels -> ADDRESS:> Donovan Brooke DBA Eucalyptus Design N2862 Summerville Park Rd. Lodi, WI 53555 PH:> 1.608.592.3567 Web:> http://www.euca.us =o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o ------------------------------------------------------------- This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to Web Archive of this list is at: http://webdna.smithmicro.com/ Donovan Brooke

DOWNLOAD WEBDNA NOW!

Top Articles:

Talk List

The WebDNA community talk-list is the best place to get some help: several hundred extremely proficient programmers with an excellent knowledge of WebDNA and an excellent spirit will deliver all the tips and tricks you can imagine...

Related Readings:

Random bug, OSX 10.04 (2001) Calculating multiple shipping... (1997) why do I get authorization requests, even though (1999) Approved Carts (1999) Running _every_ page through WebCat ? (1997) IE Cache Problems... (1999) OT - AppleScript Request (2004) I'm Baaaaaaaaaack - Questions! (2000) PLEASE REMOVE MY EMAIL ADDRESS (1997) No spaces allowed in text variable names ... ? (2002) WC2.0 Memory Requirements (1997) Problems searching from a FORM (1997) searching with groups (1997) Shipping rate x Quantity solution needed (2000) setting cookies then redirecting? (1998) Question (1997) Protect vs Authenicate (1997) system crashes, event log (1997) Size limit for tmpl editor ? (1997) WebCat consulting $ (1998)