Forum Moderators: DixonJones


Why won't IE6 allow cookies by default?

Netscape is no problem (for a change)

         

gsx

10:36 pm on Nov 22, 2002 (gmt 0)

10+ Year Member



Is it just me thinking illogically, but why does IE6 block cookies unless you have a "privacy statement"?

Now, this privacy statement can contain a pack of lies of course, but who cares about that :) (Nice one p3p - bet you didn't think about that one)

My problem is that I have written a privacy policy, but IE still insists on refusing cookies! Don't ask me why it does this by default.

Can anyone help me?

Let's say my domain is www.x.com, the cookie name is 'yyy' and I am storing non-confidential information. How am I supposed to set these p3p files up to allow a simple basket number to be stored for my shopping cart? (This is a first party cookie)

P.S. I can't ask the customer to change their settings: casual users do not want to change their settings and when that means losing money to me...

grnidone

10:41 pm on Nov 22, 2002 (gmt 0)



gsx: you probably need to tweak the privacy statement. You can get cookies to be allowed, but there is a trick to it. I can help you but I need to see your privacy statement in order to do that.

See your stickymail.
-G

gsx

2:26 pm on Nov 23, 2002 (gmt 0)

10+ Year Member



I have tweaked the privacy statement. The reference file includes <COOKIE-INCLUDE...,

the privacy file includes the <DATA-GROUP><DATA ref="#dynamic.cookies"...

and I have set the server to report a compact policy using the header P3P:....

The most confusing part is that when I go to privacy report in IE, it states that it has accepted the cookie. But it has not. The program has a nice simplicity to it: it writes the cookie, it reads the cookie immediately afterward. And there is no cookie but IE believes that there is?

gsx

2:37 pm on Nov 23, 2002 (gmt 0)

10+ Year Member



P.S., look at Amazon.com - no privacy policy, yet IE6 allows it to store cookies - why? I have been trying to sort this out for two weeks and it is getting ridiculous, some sites are fine, others getting blocked and there is no apparent reason for it at all. P3P information is overloaded with pages and pages of useless text - all I want is to be able to store one cookie (is that too much to ask? - obviously it is for Microsoft!)

bird

3:15 pm on Nov 23, 2002 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



You'll need a "compact policy" sent with the HTTP headers of each page, as explained (among many other things) in this thread [webmasterworld.com]. The plain text policy is just for human viewers, and won't influence IE's behaviour in any way.

gsx

4:30 pm on Nov 23, 2002 (gmt 0)

10+ Year Member



I am sending a compact policy. I have also set IE6 to accept all cookies - it still states it has accepted them in the privacy screen, but it has not accepted them at all.

Why should it refuse cookies if I have set them to accept them? (It's not a firewall issue - Netscape, Opera, Mozilla etc. no problem, but IE - that's a different subject).

gsx

4:37 pm on Nov 23, 2002 (gmt 0)

10+ Year Member



P.S. The blocked cookie icon at the bottom of the browser window does not appear either.

(Oh, and what is the point of a carefully formatted and thought-out p3p.xml file if it can only be read by humans?)

I have spent over 40 hours trying to get this damned thing to work and I am now getting very annoyed with Mickysoft. (To put it in perspective, it only took me 15 hours to write a full Perl shopping cart, deframe the site, and remove all essential JavaScript into server side activities)

grnidone

5:48 pm on Nov 23, 2002 (gmt 0)



Do you really need a P3P policy? If you are not sending cookies from a different domain, you really don't need one. Until there is a public outcry...

Checking your files now..
-G

grnidone

6:03 pm on Nov 23, 2002 (gmt 0)



1. Try renaming your files with extension .p3p instead of .xml.

I think that might just solve your issues.
-G

gsx

8:11 pm on Nov 23, 2002 (gmt 0)

10+ Year Member



"Compact policies are summarized P3P policies that provide hints to user agents to enable the user agent to make quick, synchronous decisions about applying policy. Compact policies are a performance optimization that is OPTIONAL for either user agents or servers. User agents that are unable to obtain enough information from a compact policy to make a decision according to a user's preferences SHOULD fetch the full policy."

[w3c.org...]

Try renaming, be back soon...

gsx

10:17 am on Nov 24, 2002 (gmt 0)

10+ Year Member



Renaming has caused an error when trying to view the policy (can't be found).

Can anybody explain why Amazon.com has NO privacy policy (xml variety), nor does it have a compact (P3P: ) header, yet it STILL can store cookies?

This is pathetic because I am wasting hours reading information and getting nowhere - yet if I used JavaScript to store the cookie, no privacy policy is required.

It seems like the normal half-hearted pathetic attempts of Microsoft to use their fine-line domination of the market to promote the tactics they desire to the detriment of other businesses. I hope AOL go down the Netscape route 100% shortly.

Why would it state that a cookie had been stored, when it has not?

Receptional

10:05 am on Nov 25, 2002 (gmt 0)



Maybe I am going off half-cock but:

Are you sure the cookie is set from your OWN site? Many logging programs call up code via java on your pages to run cookie code from their own server. If THEIR server does not have a privacy thingy then your cookies (actually their cookies) may not be laid.

Dixon.

grnidone

5:21 pm on Dec 2, 2002 (gmt 0)



"Can anybody explain why Amazon.com has NO privacy policy (xml variety), nor does it have a compact (P3P: ) header, yet it STILL can store cookies?"

Yes. Because as long as the cookie is not third party -- that is, coming from another site -- the cookie is 'leashed', which means IE will only allow that cookie to be read from that domain. Amazon probably doesn't have the privacy policy because it does not behoove them to have it. Let me explain.

Let's say Amazon has an xml policy and they set a cookie. If the consumer has their IE settings such that that cookie is deemed 'unsatisfactory', the cookie is downgraded to a session cookie and the items a consumer puts into their cart today will be gone at the end of the session.

BUT, if Amazon doesn't have an xml policy at all, the cookie is simply leashed, which means as long as the cookie comes from Amazon, it is allowed.

So, it really doesn't behoove Amazon to have an xml policy if all their cookies are first-party.

For more information:

Privacy in Internet Explorer 6 (Microsoft document) [msdn.microsoft.com]

Tutorial on the different types of cookies:
[webmasterworld.com...]
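
An added diagnostic, not code from the thread or from any poster: it reads the raw headers of one response and reports the compact policy (`P3P: CP="..."`), the cookies being set, and whether the response is third party to the page, which are the points the replies above turn on. The function names, the sample hosts other than www.x.com, the header values and the exact-host test for "third party" are assumptions made for the example.

```python
import re

def domain_match(host, domain):
    """True if host equals domain or is a subdomain of it (leading dot ignored)."""
    host, domain = host.lower(), domain.lstrip(".").lower()
    return host == domain or host.endswith("." + domain)

def audit(page_host, response_host, raw_headers):
    """Summarise the P3P and Set-Cookie headers of one HTTP response."""
    policyref, tokens, cookies, findings = None, [], [], []
    for line in raw_headers.strip().splitlines():
        name, _, value = line.partition(":")
        name, value = name.strip().lower(), value.strip()
        if name == "p3p":
            # Header form: policyref="<uri>", CP="TOKEN TOKEN ..."
            fields = {k.lower(): v for k, v in re.findall(r'(\w+)\s*=\s*"([^"]*)"', value)}
            policyref, tokens = fields.get("policyref"), fields.get("cp", "").split()
        elif name == "set-cookie":
            parts = [p.strip() for p in value.split(";")]
            attrs = {a.partition("=")[0].lower(): a.partition("=")[2] for a in parts[1:]}
            cookie = parts[0].partition("=")[0]
            cookies.append(cookie)
            # A Domain attribute that does not cover the sending host is rejected.
            if not domain_match(response_host, attrs.get("domain", response_host)):
                findings.append(f"{cookie}: Domain does not match {response_host}")
    # Simplification (assumption): third party means the hosts differ exactly.
    third_party = response_host.lower() != page_host.lower()
    if cookies and third_party and not tokens:
        findings.append("third-party cookie sent without a compact policy")
    return {"third_party": third_party, "policyref": policyref,
            "tokens": tokens, "cookies": cookies, "findings": findings}

# Constructed sample responses (hosts, values and tokens are illustrative only).
FIRST_PARTY = """HTTP/1.1 200 OK
P3P: policyref="http://www.x.com/w3c/p3p.xml", CP="NOI DSP COR NID CUR OUR"
Set-Cookie: yyy=10442; path=/; expires=Mon, 25-Nov-2002 10:00:00 GMT
"""
THIRD_PARTY = """HTTP/1.1 200 OK
Set-Cookie: visitor=abc123; domain=.example.org; path=/
"""

if __name__ == "__main__":
    print(audit("www.x.com", "www.x.com", FIRST_PARTY))
    print(audit("www.x.com", "stats.example.net", THIRD_PARTY))
```

Feed it the headers captured for each page and for each embedded resource; an empty `findings` list means the headers themselves are consistent, so the cause lies elsewhere.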