Hi - I hope someone can help with this question.. There is a web site I've worked on recently that requests some files from another site that ends in a different domain. Internet Explorer shows a security warning, saying it blocked cookies from the other site. From what I understand, the solution is to set up a compact privacy policy on the other site. We have done so, but Internet Explorer still blocks the other site's cookies, saying it can't find the privacy policy from the other site. I've verified that the compact privacy policy is in the headers when a file from the other site is requested, and the compact privacy policy looks correct. So, why wouldn't Internet Explorer be able to find the privacy policy?

This is a public-facing web site, so this isn't a situation where we can simply use another browser or reduce privacy settings.

Nightfox

Nightfox wrote:

Hi - I hope someone can help with this question.. There is a web site I've worked on recently that requests some files from another site that ends in a different domain. Internet Explorer shows a security warning, saying it blocked cookies from the other site. From what I understand, the solution is to set up a compact privacy policy on the other site. We have done so, but Internet Explorer still blocks the other site's cookies, saying it can't find the privacy policy from the other site. I've verified that the compact privacy
policy is in the headers when a file from the other site is requested, and the
compact privacy policy looks correct. So, why wouldn't Internet Explorer be able to find the privacy policy?

This is a public-facing web site, so this isn't a situation where we can simply
use another browser or reduce privacy settings.

Do you control site #2? If so, does it *need* to issue cookies?

Also, could it be you have enhanced (stronger than normal) security settings (like on a Windows Server OS)?

--
Michael J. Ryan - http://tracker1.info/

---
■ Synchronet ■ Roughneck BBS - telnet://roughneckbbs.com - www.roughneckbbs.com

Re: Re: Internet Explorer and privacy policies
By: Tracker1 to Nightfox on Wed May 12 2010 21:43:19

Do you control site #2? If so, does it *need* to issue cookies?

Yes, we control site #2, and it does need to issue cookies.

Also, could it be you have enhanced (stronger than normal) security settings (like on a Windows Server OS)?

No, I was using the default security settings. This is a web site that will be accessed by anyone, so it needs to be able to work as such (with default IE security settings, on a regular Windows OS such as Windows XP, etc.).

Nightfox

Nightfox wrote:

Do you control site #2? If so, does it *need* to issue cookies?

Yes, we control site #2, and it does need to issue cookies.

Was just asking, as you didn't state what was coming in from server #2. Is there a public link available with the issue? could you recreate it using two sites that can be accessed publicly (with similar types of content/feeding) from the site on server1, to the extra content from server2.

Also, could it be you have enhanced (stronger than normal) security settings >> (like on a Windows Server OS)?

No, I was using the default security settings. This is a web site that will be
accessed by anyone, so it needs to be able to work as such (with default IE security settings, on a regular Windows OS such as Windows XP, etc.).

I am meaning, are you doing your test browsing from Windows Server? It's not reliable to do browse testing from servers in IE, as the restrictions are much more locked down (almost unusably so).

--
Michael J. Ryan - http://tracker1.info/

---
■ Synchronet ■ Roughneck BBS - telnet://roughneckbbs.com - www.roughneckbbs.com