When is not a cookie, a cookie?

[jakeyg]

Been developing a website and being using a subdirectory of my mainsite to develop it online. I've just uploaded V1 of the code for approval to the customer site. There are no cookies in the site at all

Everything works fine if you "accept all cookies" on both sites, but if the privacy setting is set to "medium", then you can log into the site on the devsite but not the customersite. To get it to work on the customer site you have to set it to "low"

The Privacy Report says that the logo.gif and the .css files are blocked, but the logo is on there on the page and its all styled as its supposed to be.

Does anyone know why the css and gif are being refered to as cookies and why the cookie free login process doesn't let you log in without cookies being accepted?

I get the same problem in Firefox as well as IE, unblock the cookies and it works, block them and you can't log in

 

[AdaHacker]

What technology did you use to build the site, i.e. is it PHP, ASP, or something else? Just because you don't explicitly set a cookie doesn't mean that your interpreter won't set one for you.

Since you mention authentication, I'd guess that your applicaiton probably uses session variables (since most people use them someplace in the authentication code). In PHP, session IDs can be propogated using cookies, URL parameters, or embedded form elements, depending on your configuration. I believe ASP also handles sessions using cookies, but I don't if you can use other methods. So it's entirely likely that you are using cookies, but that they're set transparently.

 

[jakeyg]

It's written in ASP
someone said "it might be a problem with the URL alias as the files are stored on the customers webspace in a subdirectory and the URL they've bought masks onto that subdirectory and because one URL is setting the cookies and another is picking them up..."

I'm just having a look to see if I can make any sense of that in English

thanks