Please oh please oh please can someone with some P3P knowledge help me out?
I'm aware that this isn't strictly an ASP or IIS issue but the SSL groups
listed on my news server appear abandoned and since I've been coming to
these groups I'm sure I've seen many people ask and answer SSL related
questions. So here goes:
I've recently had a shared SSL enabled for my site to use, but am having
enormous difficulty in incorporating it into my program.
Having found that IE was blocking my cookies, I set about creating a P3P
compatible privacy policy using the IBM policy creator
(http://www.alphaworks.ibm.com/tech/p3peditor). Uploaded the generated
policy and associated written documents to the unsecure area of my website.
Linked the policy to my data gathering page with a <LINK rel="P3Pv1"
href=http://etc../p3p.xml>. Got a Compact Policy, haven't a clue what to do
with it :(
The results are not satisfactory.
Page in SSL location loads, attempts to use Session variables, which I
assume attempts to store a temporary cookie. IE shows an eye and no-entry
sign privacy report. Privacy report says that one or more cookies was
blocked and names it. Summary report gets the relevant P3P policy (i think).
The policy includes methods that i thought would enable cookie usage:
Policy 1 contains a <STATEMENT> tag specifying:
<DATA-GROUP>
<DATA ref="#dynamic.c ookies"><CATEGO RIES><state/></CATEGORIES></DATA>
</DATA GROUP>
and P3P.xml (located in root of non-secure url, pointed at by page in secure
url.) contains a <POLICY-REFERENCES> tag specifying:
<POLICY-REF about="policy1. xml">
<INCLUDE>/*</INCLUDE>
<COOKIE-INCLUDE/>
</POLICY-REF>
also tried specifying <COOKIE-INCLUDE name="*" value="*" domain="*"
path="*"/>
Result: No change. Tried all kinds of things with that CP string. No
noticable changes so shan't list attempts. If you know how to use it (in
html or asp) please advise me.
Does anyone know how to make my site use its cookies? !!!
Many thanks to anyone who tries ;)
Matt Smith