P3P and 3rd party cookies

Forum Moderators: coopster

Message Too Old, No Replies

P3P and 3rd party cookies

Are 3rd party IFrame cookies still blocked?

androidtech

7:58 pm on Sep 6, 2005 (gmt 0)

My web site now has a P3P policy. The W3C validator said everything passed except the lack of a "<LINK>" tag to the reference policy in the HTML document. However, IE6 is finding the P3P documents because it shows the links to them in the "blocked" list when I double-click on the "red eye" in the browser status bar.

One an external site, one of my pages from the P3P enabled sited is loaded into an IFRAME. Therefore it is a 3rd party IFRAME (not from the originating domain) in this context.

I am still getting the dreaded IE6 "red eye" for all my graphics, and I can't read/write cookies even though my P3P policy and compact policy indicate "no personally identifiable" (PII) information is collected.

Even if you have a P3P policy with no PII collected status, are 3rd party coolies still blocked at the Medium or default IE6 security/privacy setting? Or is there something here I can fix?

Thanks.

Lord Majestic

8:05 pm on Sep 6, 2005 (gmt 0)

Have you got P3P HTTP header done too? This is what matters to IE.

androidtech

8:58 pm on Sep 6, 2005 (gmt 0)

Lord Majestic,

Yes. I send both the compact header line and the policy ref header line. The w3c validator program gave the HTTP headers a successful "grade":

"HTTP headers are P3P compliant."

Lord Majestic

9:15 pm on Sep 6, 2005 (gmt 0)

In this cases IE should not block 3rd party cookies unless you did not specify "right" things when you created mini P3P header. I usually test this by emailing myself to Hotmail and then clicking from there using IE, which would have frames on top of your site.

androidtech

9:39 pm on Sep 6, 2005 (gmt 0)

Lord Majestic,

I'm passing this as my CP:

header('P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"');

Thanks.

Lord Majestic

9:42 pm on Sep 6, 2005 (gmt 0)

Well, I ain't IE, so if it works then you got it right :p