Why do we have to modify default IE cookie settings here?

G

Guest

Hello, friends,

We developed a web site using asp.net 1.1 and Form Authentication. It works
ok.

However, when our users log into our website through internet, it requires
users to reset their IE cookie settings. For example, for IE 6.0 users, a
user will have to

(1) Click on Tools/Internet Options...,

(2) Go to Privacy tab,

(3) Click on Advanced button,

(4) Check "Override automatic cookie handling" so that IE will accept
First-party Cookies and Third-party Cookies.

This procedure is really annoying to our users.

And, to my knowledge, a lot of websites use cookies but do not require users
to reset their IE cookie settings.

Anything I did wrong? Any ideas? Is there a way to stop this? Thanks a lot.

(Our web site uses another port, not port 80, for http. Will this cause the
problem?)
 
G

George Ter-Saakov

The first party cookies are enabled by default so you do not need to reset
that.
If you planting third-party cookies meaning that they come from different
domain than the page's url shown in address bar then you need to implement
PCP
Privacy compact policy.
Basically page that sets cookie must add to the header something like that.
P3P:CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"


Done with a single line of code
Response.AddHeader("P3P", "CP=\"CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL
UNI COM NAV INT DEM PRE\"");

Does not matter what you make CP equal to. As long as it's something.

If you want to read more about PCP then good luck
http://msdn.microsoft.com/workshop/security/privacy/overview/createprivacypolicy.asp



George.
 
G

Guest

Hi, George, thanks, and let me try.

George Ter-Saakov said:
The first party cookies are enabled by default so you do not need to reset
that.
If you planting third-party cookies meaning that they come from different
domain than the page's url shown in address bar then you need to implement
PCP
Privacy compact policy.
Basically page that sets cookie must add to the header something like that.
P3P:CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"


Done with a single line of code
Response.AddHeader("P3P", "CP=\"CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL
UNI COM NAV INT DEM PRE\"");

Does not matter what you make CP equal to. As long as it's something.

If you want to read more about PCP then good luck
http://msdn.microsoft.com/workshop/security/privacy/overview/createprivacypolicy.asp



George.
Click to expand...
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Why do we have to modify default IE cookie settings here? 1
Hello all! Noob here with completely unrealistic ambitions. Happy to join the crew and get good enough to help others. 4
have you read emacs manual cover to cover?; (was Do we need a"Stevens" book?) 0
Login / auth cookie problem after migrating to .NET 2.0 2
Third-Part Cookies blocked by IE 4
Why do we need more code in Application_AuthenticateRequest()? 1
Do we have a new tool in .net to create ActiveX .cab file? 0
What We Do we make a living by what we get. We make a life by what wegive. &Winston Churchill . 0

Members online

Total: 58 (members: 3, guests: 55)
Robots: 445

Forum statistics

Threads
473,982
Messages
2,570,190
Members
46,740
Latest member
AdolphBig6

Latest Threads

Top