Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Chris Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Cookie, Session, Hotmail, Privacy Setting Problems

Status
Not open for further replies.
Alpha7

Alpha7

Programmer
Nov 4, 2002
6
US
Hi all,
I'm working on an app that sends a link with a query string to an email address. It works fine for everyone but hotmail users. The reason for this is because hotmail appends my link to another link like so: (My link is in red.)

.http%3a%2f%2fwww%2ekinetica%2dmedia%2ecom%2fcustomer_index%2easpx%3fbf_name%3dENR00001%26cust_id%3dotheranton%40hotmail%2ecom%26ebatch_id%3d36

It wouldn't display my content and such.
I've corrected it so that it will seperate the link and pull my variables from referral link then, recreate the and redirect to it. But that only worked on one of my 2 computers.
I then found that hotmail uses a cookie or session in it's redirection. I set my browsers to accept cookies from my website and now it's all good.

Now the Question. How do I create a compact privacy statment?
On most users browsers (default config), it blocks third party cookies without one of these policies so if I can make one I'll be all set.
Also What is the difference between first and third party cookies?

Any Help would be much appreciated.
Thanks All
[bat] ^\A7/^ [bat]
 
Sort by date Sort by votes
Hi all,
I've found some info that might help anyone with similar problems in the futer.

IE 6 is where my problem is and after some investigating I've found that it (IE 6) is configured by default to not accept cookies without a compact privacy pollicy.

What does that mean?? Well let me tell you it means that microsoft by default has hamppered it's whole .Net platform.

All ASP.Net pages/programs/what have you rely on at least one cookie. The session ID. So it happens that EI6 will have problems with ASP.Net be default.

Alot of people offer instructing useres to modify their browser settings to fix the issue. But, users don't want to mess with browser settings and such, they want to point, click, and get on with their gettings on.

The best solution would be to add a CPP and while your at it a P3P Policy as well. Go to for the specs and such. There you will find all of the codes you need to make a CPP.

I used a very simple solution and I'll explain try to explain it alittle. This should be enough to get you started.

What I did was append a CPP to the header of the page that was giving me the problem. I use C# and my code looks like this:

<% Response.AppendHeader(&quot;P3P&quot; , &quot;policyref=&quot;+'&quot;'+&quot; , &quot;+&quot;CP=&quot;+'&quot;'+&quot;NOI &quot;+&quot;NID &quot;+&quot;CUR &quot;+&quot;OUR &quot;+&quot;NOR&quot;+'&quot;'); %>

I'm not going to explain it all. (if you really want to know you can look up the codes at the P3P page.) But this adds a P3P header to your page and lets IE6 know your not trying to gather or keep users info with cookies.

Now for the P3P policy.
First you create a w3c in your websites root directory. The red colored words are not to be renamed.

In your new w3c folder you'll place your reference file named p3p.xml. What this file does is point to your policy/policys, and looks sort of like this:

<META xmlns=&quot; <POLICY-REFERENCES>
<EXPIRY max-age=&quot;772804&quot;/>
<POLICY-REF about=&quot;policy.xml#first&quot;>
<INCLUDE>/*</INCLUDE>
</POLICY-REF>
</POLICY-REFERENCES>
</META>

EXPIRY is the expiration date.(I think this is optional)

The policy.xml is the file, which you can call what ever you want. The #first is the name of the policy you are referencing.

INCLUDE is the list of directories and/or files the policy your are refrencing applies to.
There can be multiple INCLUDEs.

Now the policy looks like so:
<POLICIES xmlns=&quot; <POLICY name=&quot;first&quot;
discuri=&quot; xml:lang=&quot;en&quot;>
<ENTITY>
<DATA-GROUP>
<DATA ref=&quot;#business.name&quot;>Your Business Name</DATA>
<DATA ref=&quot;#business.contact-info.postal.street&quot;>YB Street Name</DATA>
<DATA ref=&quot;#business.contact-info.postal.city&quot;>YB City</DATA>
<DATA ref=&quot;#business.contact-info.postal.stateprov&quot;>YB State(AA)</DATA>
<DATA ref=&quot;#business.contact-info.postal.postalcode&quot;>YB Zip</DATA>
<DATA ref=&quot;#business.contact-info.postal.country&quot;>USA</DATA>
<DATA ref=&quot;#business.contact-info.online.email&quot;>customerservice@yourwebsite.com</DATA>
<DATA ref=&quot;#business.contact-info.telecom.telephone.intcode&quot;>1</DATA>
<DATA ref=&quot;#business.contact-info.telecom.telephone.loccode&quot;>YB Area Code</DATA>
<DATA ref=&quot;#business.contact-info.telecom.telephone.number&quot;>YB Phone #</DATA>
</DATA-GROUP>
</ENTITY>
<ACCESS><all/></ACCESS>
<DISPUTES-GROUP>
<DISPUTES resolution-type=&quot;service&quot;
service=&quot; short-description=&quot;Please contact our customer service department with
privacy concerns by emailing customerservice@yourwebsite.com&quot;>
<REMEDIES><correct/></REMEDIES>
</DISPUTES>
</DISPUTES-GROUP>
<STATEMENT>
<PURPOSE><current/><admin/><develop/><tailoring/><pseudo-analysis/><pseudo-decision/><individual-analysis/><individual-decision/><contact/><historical/><other-purpose/> </PURPOSE>
<RECIPIENT><ours/></RECIPIENT>
<RETENTION><business-practices/><stated-purpose/></RETENTION>
<DATA-GROUP>
<DATA ref=&quot;#dynamic.clickstream&quot;/>
<DATA ref=&quot;#dynamic.http&quot;/>
<CATEGORIES><physical/><online/><uniqueid/><computer/><navigation/><interactive/><demographic/>
<content/><state/><preference/><other-category/>
</CATEGORIES>
</DATA-GROUP>
</STATEMENT>
</POLICY>
</POLICIES>

discuri is the location of your normal html user readable version of your privacy policy. Basicaly the one you have had.

The buisness details are self explanitory.

ACCESS is the level of access the users have to the data you store about them.

DISPUTES-GROUP & DISPUTES contain info about how you handle privacy disputes.

STATMENT this is the policy itself. Its all mxl based and it generates your policy dynamicaly by the tags you use. (Go to Veiw/Privacy repor on you browser.)

PURPOSEis why you collect the information.

RECIPIENT is who gets the info.

RETENTION is how long you'll keep the info.

DATA is how you collect the data.(I think)

CATAGORIES are the kinda of info you collect.

Thats about it. I beleive they are all customizable but the defauls work fine enough for me right now.

I hope this helps explain and help solve the IE6 P3P bug.


[bat] ^\A7/^ [bat]
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

WIREMESH
  • Locked
  • Question
Google Chrome Lost Session
Replies
0
Views
719
WIREMESH
WIREMESH
dvannoy
  • Locked
  • Question
Session Timeout Question
Replies
1
Views
279
jbenson001
jbenson001
Dashley
  • Locked
  • Question
System.Net.ServicePointManager Setting TSL's 1
Replies
4
Views
350
jbenson001
jbenson001
dvannoy
  • Locked
  • Question
Setting hyperlink from datareader
Replies
0
Views
102
dvannoy
dvannoy
dvannoy
  • Locked
  • Question
Setting Focus in a Ajax Tab
Replies
0
Views
103
dvannoy
dvannoy

Part and Inventory Search

Sponsor

Back
Top