Hi Roland, I hear ya - but actually...turning up the Security settings in MSIE to "high" does _not_ disable regular cookie or "session" cookie functionality. Security and cookies are two different things.
Most settings in modern browsers do not directly connect cookies and security - because cookies are not actually a "Security" issue, they are a "Privacy" issue. This includes Windows XP SP2.

With the way cookie settings work with most every brand of browser these days - a user has to go into their settings/preferences and deliberately disable the "session" cookie settings themselves, therefore they should know how to turn them back on.

Hope this helps. Cheers...

Scott Cadillac,
XML-Extranet ~ 403-254-5002 ~ [EMAIL PROTECTED]
------------
Well-formed Programming in C# ASP.NET, Witango and XML
For Hire ~ http://xmlx.ca/forhire
------------
IExtranet ~ http://IExtranet.net
------------
Weblog ~ http://xmlx.ca
Forums ~ http://forums.xmlx.ca
Knowledge Base ~ http://kb.xmlx.ca
------------
P.O. Box 69006
RPO Bridlewood SW
Calgary, Alberta
Canada T2Y 4T9

-----Original Message-----
From: Roland Dumas <[EMAIL PROTECTED]>
To: "[EMAIL PROTECTED]" <[EMAIL PROTECTED]>
Date: Wed, 13 Oct 2004 07:17:00 -0700
Subject: Re: Witango-Talk: Cookies

> Many with cookies off don't know about cookies. They just dialed up the
> "security" setting in MSIE to "high" after reading articles on all the evil
> things that lurk on the web. Telling them that they have to lower security
> settings for your site confuses and scares them. Educating a user can be a
> challenge.
>
> On 10/13/04 6:25 AM, "John McGowan" <[EMAIL PROTECTED]> wrote:
>
> > Listen to Scott on this one. If you can educate just one user that
> > turning session cookies back on isn't going to blow up their computer or
> > get their credit card stolen then our society becomes one step closer to
> > nirvana.
> >
> > If you were an auto dealer and a customer brought their car in and said
> > they didn't "like to have the battery plugged in", but wanted to know
> > why they couldn't start their car, would you install a hand crank for
> > them to start their car?
> >
> > I know... It's a weak analogy... :)
> >
> > /John
> >
> > Scott Cadillac wrote:
> >
> >> Hi Steve,
> >>
> >> If you recall, the point and the conclusion on that long discussion was
> >> "security" - if a user has session-cookies disabled, then so be it. Just
> >> display a message telling them to turn it back on before allowing them
> >> to proceed (provide instructions).
> >>
> >> This is the most secure way to handle session management for any web
> >> platform (SSL is a different matter).
> >>
> >> The issue is about security - why compromise security for user
> >> convenience? Giving them convenience now just delays more serious
> >> problems until a later date.
> >>
> >> ----
> >> Yes, additional user variables may be assigned on the Server because of
> >> missing session-cookies. Unfortunately, it is one down-side to pay for
> >> better security for your visitors.
> >>
> >> -----
> >> As for testing for cookies, writing a bit of code for this is not
> >> difficult - but keep in mind there is a difference between "session"
> >> cookies and regular cookies, and that most every modern browser has
> >> settings for both kinds (and that some browsers use different
> >> terminology to describe these two kinds of cookies).
> >>
> >> Hope this helps. Cheers....
> >>
> >> Scott Cadillac,
> >> XML-Extranet ~ 403-254-5002 ~ [EMAIL PROTECTED]
> >>
> >> -----Original Message-----
> >> From: "Fogelson, Steve" <[EMAIL PROTECTED]>
> >> To: "Witango User Group (E-mail)" <[EMAIL PROTECTED]>
> >> Date: Tue, 12 Oct 2004 15:40:48 -0500
> >> Subject: Witango-Talk: Cookies
> >>
> >>> I have built my shopping cart application without <@userreference> tag
> >>> at the end of each url. It seemed after all the discussion about a year
> >>> ago that this was the way to go. Especially with search engine spiders
> >>> and hijacked sessions.
> >>>
> >>> I talked to one of our online customers today and discovered that he
> >>> was being assigned a new session id every time he added an item to his
> >>> cart.
> >>>
> >>> I'm trying to figure out a strategy for handling customers that have
> >>> disabled cookies, besides requiring them to sign in when entering the
> >>> site.
> >>>
> >>> Is there a way to check to see if they have cookies disabled?
> >>>
> >>> Any ideas on how to handle customers that have disabled cookies?
> >>>
> >>> I am also concerned about all the user variables being created for this
> >>> type of customer. Thanks in advance for your help.
> >>>
> >>> Steve Fogelson
> >>> Internet Commerce Solutions
> >>>
> >>> ________________________________________________________________________
> >>> TO UNSUBSCRIBE: Go to http://www.witango.com/developer/maillist.taf
>
> -----------------------------------------
> Roland Dumas
> Roberts Information Services
> 310 W. Bellevue Avenue
> San Mateo CA 94402
> 650-347-1373
> 415-412-9300 (cell)
> [EMAIL PROTECTED]
> SMS: http://new.servqual.com/html/sms.tml
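
The cookie test discussed in this thread, as an added example that is not part of the original messages and is not Witango code: a Python stand-in for the server side that sets a probe session cookie, redirects once, and shows instructions instead of falling back to a session id in the URL. The names `cookie_probe`, `cookiecheck` and `sid`, the `handle`/`browse` functions and the `HttpOnly` attribute are assumptions made for illustration.

```python
import secrets
from http.cookies import SimpleCookie
from urllib.parse import parse_qs

PROBE, FLAG, SESSION = "cookie_probe", "cookiecheck", "sid"  # hypothetical names

def handle(path, query, cookie_header):
    """Return (status, headers, body); cookie_header is the raw Cookie header."""
    cookies = SimpleCookie(cookie_header)
    if SESSION in cookies:
        return 200, [], "cart page"
    if PROBE in cookies:
        # The probe came back, so session cookies work. Only now is a session
        # id issued (and server-side state allocated), and only in a cookie.
        sid = secrets.token_urlsafe(32)
        return 302, [("Location", path),
                     ("Set-Cookie", f"{SESSION}={sid}; Path=/; HttpOnly")], ""
    if FLAG in parse_qs(query):
        # Redirected once already and still no probe: cookies are disabled.
        # No session is created and the id is never appended to the URL.
        return 200, [], ("Session cookies are turned off in your browser. "
                         "Please enable them and reload this page.")
    # First visit: no Expires/Max-Age makes this a "session" cookie.
    return 302, [("Location", f"{path}?{FLAG}=1"),
                 ("Set-Cookie", f"{PROBE}=1; Path=/; HttpOnly")], ""

def browse(path, accepts_cookies, max_hops=5):
    """Constructed browser simulation: follow redirects, return (body, urls)."""
    jar, url, seen = {}, path, []
    for _hop in range(max_hops):
        seen.append(url)
        p, _sep, q = url.partition("?")
        header = "; ".join(f"{k}={v}" for k, v in jar.items())
        status, headers, body = handle(p, q, header)
        for name, value in headers:
            if name == "Set-Cookie" and accepts_cookies:
                k, _eq, v = value.split(";")[0].partition("=")
                jar[k] = v
        if status != 302:
            return body, seen
        url = dict(headers)["Location"]
    raise RuntimeError("redirect loop")

if __name__ == "__main__":
    print(browse("/cart", accepts_cookies=True))
    print(browse("/cart", accepts_cookies=False))
```

Because nothing is stored server-side until the probe returns, a visitor with cookies disabled does not generate a new session on every request.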
