SSL, P3P & Cookies.

Discussion in 'ASP General' started by Matt Smith, Sep 2, 2003.

  1. Matt Smith

    Matt Smith Guest

    Please oh please oh please can someone with some P3P knowledge help me out?

    I'm aware that this isn't strictly an ASP or IIS issue but the SSL groups
    listed on my news server appear abandoned and since I've been coming to
    these groups I'm sure I've seen many people ask and answer SSL related
    questions. So here goes:

    I've recently had a shared SSL enabled for my site to use, but am having
    enormous difficulty in incorporating it into my program.
    Having found that IE was blocking my cookies, I set about creating a P3P
    compatible privacy policy using the IBM policy creator
    ( Uploaded the generated
    policy and associated written documents to the unsecure area of my website.
    Linked the policy to my data gathering page with a <LINK rel="P3Pv1"
    href=http://etc../p3p.xml>. Got a Compact Policy, haven't a clue what to do
    with it :(
    The results are not satisfactory.

    Page in SSL location loads, attempts to use Session variables, which I
    assume attempts to store a temporary cookie. IE shows an eye and no-entry
    sign privacy report. Privacy report says that one or more cookies was
    blocked and names it. Summary report gets the relevant P3P policy (i think).
    The policy includes methods that i thought would enable cookie usage:
    Policy 1 contains a <STATEMENT> tag specifying:
    <DATA ref="#dynamic.cookies"><CATEGORIES><state/></CATEGORIES></DATA>

    and P3P.xml (located in root of non-secure url, pointed at by page in secure
    url.) contains a <POLICY-REFERENCES> tag specifying:
    <POLICY-REF about="policy1.xml">
    also tried specifying <COOKIE-INCLUDE name="*" value="*" domain="*"
    Result: No change. Tried all kinds of things with that CP string. No
    noticable changes so shan't list attempts. If you know how to use it (in
    html or asp) please advise me.

    Does anyone know how to make my site use its cookies? !!!

    Many thanks to anyone who tries ;)

    Matt Smith
    Matt Smith, Sep 2, 2003
    1. Advertisements

  2. Matt Smith

    Matt Smith Guest

    For anyone reading this and thinking "That's my problem too. Why did no one
    answer him and was it ever solved?"

    That CP string I didn't know what to do with gets put in an HTTP header.
    (Fair enough. Everyone tells you that.)

    Response.AddHeader "P3P", """CP=put that cp string here""
    policyref=""http://www.location of p3p.xml"""

    <POLICY-REF about="policy1.xml">
    Needs a # indicated reference to
    <POLICY name="Policy_Name" etc>
    in Policy1.xml
    <POLICY-REF about="policy1.xml#Policy_Name">
    Thanks to the P3P validator for it's most unhelpful error messages on that.

    Most importantly:
    I.E 6 blocks cookies that are considered 'unsatisfactory'. Basically this
    means "where the purpose/recipient token does not contain the optional
    attribute, "i" or "o." "
    l/ie6privacyfeature.asp). This document is the pitfall. If you're
    experiencing troubles like this with IE. Read it carefully.

    Matt Smith
    P.S I'm off to model some voodoo dolls of W3C promoters and stick them on
    the barbeque.
    Matt Smith, Sep 3, 2003
    1. Advertisements

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Chris

    Third party cookies and P3P

    Chris, Apr 8, 2005, in forum: ASP .Net
    David Berman
    Apr 25, 2005
  2. Daniel Doman

    Re: p3p and inline files like M3U

    Daniel Doman, Jul 26, 2003, in forum: HTML
    Daniel Doman
    Jul 26, 2003
  3. Ajay


    Ajay, Aug 11, 2004, in forum: Python
  4. Hey D
    Toby A Inkster
    Mar 11, 2008
  5. Dominik Amon

    Cookies - Datenschutzt - P3P

    Dominik Amon, Nov 19, 2008, in forum: ASP .Net
    Dominik Amon
    Nov 19, 2008

Share This Page