SSL, P3P & Cookies.

Please oh please oh please can someone with some P3P knowledge help me out?

I'm aware that this isn't strictly an ASP or IIS issue but the SSL groups
listed on my news server appear abandoned and since I've been coming to
these groups I'm sure I've seen many people ask and answer SSL related
questions. So here goes:

I've recently had a shared SSL enabled for my site to use, but am having
enormous difficulty in incorporating it into my program.
Having found that IE was blocking my cookies, I set about creating a P3P
compatible privacy policy using the IBM policy creator
(http://www.alphaworks.ibm.com/tech/p3peditor). Uploaded the generated
policy and associated written documents to the unsecure area of my website.
Linked the policy to my data gathering page with a <LINK rel="P3Pv1"
href=http://etc../p3p.xml>. Got a Compact Policy, haven't a clue what to do
with it :(
The results are not satisfactory.

Page in SSL location loads, attempts to use Session variables, which I
assume attempts to store a temporary cookie. IE shows an eye and no-entry
sign privacy report. Privacy report says that one or more cookies was
blocked and names it. Summary report gets the relevant P3P policy (I think).
The policy includes methods that I thought would enable cookie usage:
Policy 1 contains a <STATEMENT> tag specifying:
<DATA-GROUP>
<DATA ref="#dynamic.cookies"><CATEGORIES><state/></CATEGORIES></DATA>
</DATA-GROUP>

and P3P.xml (located in root of non-secure url, pointed at by page in secure
url.) contains a <POLICY-REFERENCES> tag specifying:
<POLICY-REF about="policy1.xml">
<INCLUDE>/*</INCLUDE>
<COOKIE-INCLUDE/>
</POLICY-REF>
also tried specifying <COOKIE-INCLUDE name="*" value="*" domain="*"
path="*"/>
Result: No change. Tried all kinds of things with that CP string. No
noticeable changes so shan't list attempts. If you know how to use it (in
html or asp) please advise me.

Does anyone know how to make my site use its cookies?!!!

Many thanks to anyone who tries ;)

Matt Smith
Jul 19 '05 #1
For anyone reading this and thinking "That's my problem too. Why did no one
answer him and was it ever solved?"

That CP string I didn't know what to do with gets put in an HTTP header.
(Fair enough. Everyone tells you that.)

Response.AddHeader "P3P", "CP=""put that cp string here"", policyref=""http://www.location of p3p.xml"""

<POLICY-REF about="policy1.xml">
Needs a # indicated reference to
<POLICY name="Policy_Name" etc>
in Policy1.xml
e.g.
<POLICY-REF about="policy1.xml#Policy_Name">
Thanks to the P3P validator for its most unhelpful error messages on that.

Most importantly:
IE 6 blocks cookies that are considered 'unsatisfactory'. Basically this
means "where the purpose/recipient token does not contain the optional
attribute, "i" or "o.""
(http://msdn.microsoft.com/library/de...-us/dnpriv/html/ie6privacyfeature.asp).
This document is the pitfall. If you're experiencing troubles like this
with IE, read it carefully.

Matt Smith
P.S I'm off to model some voodoo dolls of W3C promoters and stick them on
the barbeque.
Jul 19 '05 #2
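
A small checker for the pitfalls described in the post above, as an added example that is not part of the original thread: it verifies that every POLICY-REF `about` carries a `#name` fragment matching a POLICY in the policy file, splits a P3P header into its fields, and lists purpose/recipient tokens that carry no `i` or `o` attribute. The sample XML, the example.com URL and the function names are constructed; the token list is the P3P 1.0 compact-policy vocabulary, and which of the listed tokens IE 6 actually penalises is left to the MSDN document the post cites.

```python
import re
import xml.etree.ElementTree as ET
from urllib.parse import urldefrag

# Constructed sample files (not the poster's real ones).
P3P_XML = """<META xmlns="http://www.w3.org/2002/01/P3Pv1"><POLICY-REFERENCES>
  <POLICY-REF about="policy1.xml"><INCLUDE>/*</INCLUDE><COOKIE-INCLUDE/></POLICY-REF>
</POLICY-REFERENCES></META>"""
POLICY1_XML = """<POLICIES xmlns="http://www.w3.org/2002/01/P3Pv1">
  <POLICY name="Policy_Name" discuri="http://www.example.com/privacy.html"/>
</POLICIES>"""

# P3P 1.0 compact tokens that may carry an a/i/o suffix (purposes, then recipients).
ATTR_TOKENS = {"ADM", "DEV", "TAI", "PSA", "PSD", "IVA", "IVD", "CON", "HIS",
               "TEL", "OTP", "DEL", "SAM", "UNR", "PUB", "OTR"}
FIELD_RE = re.compile(r'\b(CP|policyref)\s*=\s*"([^"]*)"', re.IGNORECASE)

def _elements(xml_text, name):
    """Yield elements with the given local name, ignoring the XML namespace."""
    for el in ET.fromstring(xml_text).iter():
        if el.tag.rsplit("}", 1)[-1] == name:
            yield el

def check_policy_refs(ref_xml, policy_xml):
    """Return a problem string for each POLICY-REF that names no POLICY."""
    names = {el.get("name") for el in _elements(policy_xml, "POLICY")}
    problems = []
    for ref in _elements(ref_xml, "POLICY-REF"):
        about = ref.get("about", "")
        fragment = urldefrag(about).fragment
        if not fragment:
            problems.append(f"{about}: no #name fragment")
        elif fragment not in names:
            problems.append(f"{about}: no POLICY named {fragment!r}")
    return problems

def parse_p3p_header(value):
    """Split a P3P header value into its quoted CP and policyref fields."""
    return {key.lower(): val for key, val in FIELD_RE.findall(value)}

def tokens_without_opt(compact_policy):
    """List purpose/recipient tokens that lack an 'i' or 'o' suffix."""
    return [t for t in compact_policy.split()
            if t[:3] in ATTR_TOKENS and t[3:] not in ("i", "o")]

if __name__ == "__main__":
    print(check_policy_refs(P3P_XML, POLICY1_XML))
    header = 'CP="NOI DSP CUR ADMa IVAi CONo SAM", policyref="/w3c/p3p.xml"'
    print(tokens_without_opt(parse_p3p_header(header)["cp"]))
```
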
