Cookies can only be retrieved from the site that sets them.

Which domain sets the cookie - yours or your customer's?

Are we talking about MSIE6's "third-party cookie" handling? If so, the Microsoft Knowledge Base [support.microsoft.com] says the cookie-server has to have a compact policy -- that's not the XML file that IBM's editor makes. A compact policy is an extra HTTP header that points to the XML file and summarizes your privacy declarations for cookies. For example, the compact policy from one my sites (URL changed, as per WW rules):

P3P: policyref="http://www.example.com/w3c/p3p.xml", CP="NOI DSP COR CUR OUR STP STA"

(Which I think says I use anonymous cookies to save state, and throw away my copy immediately. Or something like that.)

By requiring the compact policy, MSIE requires you to send a privacy notice with every cookie.

I haven't used IBM's privacy kit in ages, so I can't remember if it discusses compact policies. Deriving your compact policy isn't too difficult: Just look up the correct abbreviations for your cookie policies [w3.org] and stick them in an HTTP header. If you're running Apache, you set such headers using the "Header" directive:

Header set P3P 'policyref="http://www.example.com/w3c/p3p.xml"'
Header append P3P 'CP="NOI DSP COR CUR OUR STP STA"'

(Before anybody asks: Yes, you really can put double-quotes inside the single quotes, as weird as that may look to non-programmers.)

If you're not on Apache, I don't know what to tell you. I'm sure somebody else will chime in with instructions for other servers.

Here's a more in depth summary of my situation.

I run two domains. Domain A hosts the affiliate script. Domain B is another site I operate. Both domains have their affiliate programs operated by the affiliate script. The affiliate program works fine for Domain A, but on Domain B, the cookies are blocked. I have a compact policy on both domains. However it still doesn't work on domain B.

I really am out of my league when it comes to this stuff. I did manage to get it working for domain A, but still no luck with domain B. I don't understand the requirements IE sets for 3rd party cookies.

Please tell me it's possible to host the affiliate script on one domain and run affiliate programs through this script on multiple domains.

Can anyone take a look at my policy and possible add support for 3rd party cookies? I would greatly appreciate the help!

Thanks
Tom

Does anyone know where I can turn to, to get my privacy policy troubleshooted and ultimately fixed to allow 3rd party cookies?

How do you set the cookie -- using JavaScript or a server side solution?
And, you realize that even with a compact privacy policy you may not be able to set the cookie (depending on the browser settings)

The cookie is set by the affiliate software which is coded in PHP.

I understand people can block cookies all together. But I would like 3rd party cookies to be accepted based on the default IE settings.

How do the big name affiliate networks track their sales? Do they use cookies? How do they get the cookies accepted on all their clients sites?

Please help...

Thanks
Tom

I have the same problem. I have website A and website B. On IIS for website A, every request I insert P3P headers.

For website B, it references a tracking pixel on website A which will then set a cookie for website A, but the cookie is always blocked my IE. However, cookies from webtrendslive are always accepted. What are they doing differently to get their cookies accepted?