[thelist] A question concerning P3P policies and 3rd party cookies

Chris Johnston chris at fuzzylizard.com
Thu Oct 9 10:13:39 CDT 2003

I have an application that is being hosted and somewhat managed by another
company. This is a flash application usign ASP for the database
connections. Within the ASP pages, I am using session variables to track
the user through the application.

The problem is that the session variables place a cookie on the users
machine. This cookie is being placed as a 3rd party cookie. However, on a
default install of IE6, the privacy settings block this cookie.

One solution that I am looking at is placing a p3p policy statement on the
server that will be connected to this cookie. However, in reading the w3c
specification I am not sure if this is possible. The policy statement and
user data collection for the site is handled by the other company. (A
company that is not being to helpful in trying to solve my problem).

The question that I have is, is it possible to still attach a p3p policy
statement to a single cookie without fully implementing the entire p3p
policy specification? In other words, I need a way to slip a 3rd party ASP
SessionID cookie past the default privacy settings in IE6.

Chris Johnston

chris at fuzzylizard.com

More information about the thelist mailing list