As I noted, we did try adding a P3P policy, created using the IBM P3P Policy Editor. However, that did not fix the problem. We even tried setting the privacy settings to their most lax state. That did not fix the problem either. The only workaround to this bug that we've found is to add the site to the listed of allowed sites, which seems to bypass the whole privacy engine.
Benjamin S. Rogers http://www.c4.net/ v.508.240.0051 f.508.240.0057 -----Original Message----- From: Smith, Matthew P -CONT(DYN) [mailto:[EMAIL PROTECTED]] Sent: Thursday, August 29, 2002 11:05 AM To: CF-Talk Subject: RE: Big problem- session vars not saved in IE6 on CF5 This has come up a few times in discussion. I think we really need a good solution for the p3p policy and cold fusion, as I feel this is the root of the problem. P3p enforcement might be adopted by other(all) browers down the line, so it would probably be a good idea to get it solved now. I wonder if we could come up with a generic p3p policy document that people could incorporate into their site to allow the cookies we need for our CF apps? Funny thing is, asp.net apps have absolutely no problem placing their cookies. Who woulda guessed? Here's a good thread about the issue: http://webforums.macromedia.com/coldfusion/messageview.cfm?catid=3&threa did= 230279&highlight_key=y&keyword1=cookies&keyword2=p3p Anyone know of a good tutorial to get p3p implemented? I really don't want to know the ins and outs, just get around the default ie6 settings... I guess that was what I was alluding to above. Matthew P. Smith Web Developer, Object Oriented Naval Education & Training Professional Development & Technology Center (NETPDTC) (850)452-1001 ext. 1245 [EMAIL PROTECTED] >>-----Original Message----- >>From: Benjamin S. Rogers [mailto:[EMAIL PROTECTED]] >>Sent: Thursday, August 29, 2002 9:44 AM >>To: CF-Talk >>Subject: RE: Big problem- session vars not saved in IE6 on CF5 >> >>There seems to be a bug the Internet Explorer 6 privacy settings. >>Despite significantly lax restrictions, we have had a lot of problems >>with IE 6 users and sites that use cookies to track sessions. >> >>In troubleshooting the issue, we've attempted to add P3P privacy >>policies to our sites. We have tried altering the domain attribute on >>the cookies. We tried just about everything we could think of. >> >>The only workaround that we've found is to have the client add the site >>to their list of allowed sites (In the "Web Sites" section of the >>"Privacy" tab). This fixes the problem in every instance we've >>encountered. >> >>This is reasonably good work around for Intranet/Extranet sites. >>Obviously, however, it is not so good for public Internet sites. So far, >>we've left these sites "broken" and simply pointed our fingers at >>Microsoft. So, if someone has a true fix, please share it. >> >>Benjamin S. Rogers >>http://www.c4.net/ >>v.508.240.0051 >>f.508.240.0057 >> >>-----Original Message----- >>From: John Beynon [mailto:[EMAIL PROTECTED]] >>Sent: Thursday, August 29, 2002 5:32 AM >>To: CF-Talk >>Subject: RE: Big problem- session vars not saved in IE6 on CF5 >> >> >>And you know what - I'm debugging an app that used to work but doesn't >>anymore since the other day! >> >>Darn M$ >> >>Jb. >> >>-----Original Message----- >>From: Sandy Clark [mailto:[EMAIL PROTECTED]] >>Sent: 29 August 2002 02:23 >>To: CF-Talk >>Subject: RE: Big problem- session vars not saved in IE6 on CF5 >> >> >>I had the exact same problem this week when I upgraded my ie6 with the >>newest M$ patches. >> >>I have a form, which sends a login page to a script. Because the login >>page >>uses a submit button, the cookies for CFID and CFTOKEN would normally be >>set >>there. After processing, the login script cflocations the person to a >>new >>page. >> >>The funny thing is that I am not using CFLocation, but the Fusebox >>CF_Location tag which was not cookie problematic. >> >>The app works fine on Opera, Netscape 4.x and 6.2 as well as on IE < 6. >> >>The application was definitely losing cookies, I cfdumped all session >>variables and http_cookie changed each time. My ultimate solution was >>to >>pass (during the first CF_Location only), the CFID and CFTOKEN on the >>URL. >>After that I don't pass them and the application works fine. I checked >>all >>my settings in IE 6 and they were all accepting cookies. Very weird. >> >>Any other better solutions (or even better rational explanations for the >>problem) would be much appreciated. >> >>Sandy Clark >> >>-----Original Message----- >>From: Kym Kovan [mailto:[EMAIL PROTECTED]] >>Sent: Wednesday, August 28, 2002 8:14 PM >>To: CF-Talk >>Subject: Re: Big problem- session vars not saved in IE6 on CF5 >> >> >>Hi Don, >> >>>I am having a big problem with an old standard login system. This is >>the >>>most simple login system I know and have used it for years. >>> >>>It consists of: >>>Login form page >>>Login action page >>>Main page >>>Session variables tracking who is logged in >>> >>>The user enters in their login acct, the action page compares it >>against the >>>db, then sets some session variables and uses cflocation to forward >>them to >>>a new page or back to the login page if they fail. The application >>page >>>checks for the session variable to see if they're logged in and uses >>>cflocation to send them back to the login page if the var doesn't >>exist. >> >>I am slightly surprised that this has ever worked if I understand it >>correctly. >> >>Session and Client variables normally use cookies to control themselves, >>if >>not you have to use CFID and CFToken in your URLs. cflocation has a >>proviso >>that if you use it then any cookies set in the page before the >>cflocation >>tag will _not_ actually get sent to the browser under normal >>circumstances. >> >>This means that if you have a cflocation in your initial entry then your >> >>session may not well be set up properly..... >> >> >>-- >> >>Yours, >> >>Kym >> >> >> >> >> ______________________________________________________________________ Structure your ColdFusion code with Fusebox. Get the official book at http://www.fusionauthority.com/bkinfo.cfm FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
