Actually, I was thinking of the "privacy" setting. Have had several cases of people just running up to the top and not reading that they were turning cookies off.

On 10/13/04 7:50 AM, "Scott Cadillac" <[EMAIL PROTECTED]> wrote:

> Hi Roland,
>
> I hear ya - but actually...turning up the Security settings in MSIE to
> "high" does _not_ disable regular cookie or "session" cookie
> functionality. Security and cookies are two different things.
>
> Most settings in modern browsers do not directly connect cookies and
> security - because cookies are not actually a "Security" issue, they are
> a "Privacy" issue.
>
> This includes Windows XP SP2.
>
> With the way cookie settings work with most every brand of browser these
> days - a user has to go into their settings/preferences and deliberately
> disable the "session" cookie settings themselves, therefore they should
> know how to turn them back on.
>
> Hope this helps. Cheers...
>
> Scott Cadillac,
> XML-Extranet ~ 403-254-5002 ~ [EMAIL PROTECTED]
> ------------
> Well-formed Programming in C# ASP.NET, Witango and XML
> For Hire ~ http://xmlx.ca/forhire
> ------------
> IExtranet ~ http://IExtranet.net
> ------------
> Weblog ~ http://xmlx.ca
> Forums ~ http://forums.xmlx.ca
> Knowledge Base ~ http://kb.xmlx.ca
> ------------
> P.O. Box 69006
> RPO Bridlewood SW
> Calgary, Alberta
> Canada T2Y 4T9
>
> -----Original Message-----
> From: Roland Dumas <[EMAIL PROTECTED]>
> To: "[EMAIL PROTECTED]" <[EMAIL PROTECTED]>
> Date: Wed, 13 Oct 2004 07:17:00 -0700
> Subject: Re: Witango-Talk: Cookies
>
>> Many with cookies off don't know about cookies. They just dialed up the
>> "security" setting in MSIE to "high" after reading articles on all the
>> evil things that lurk on the web. Telling them that they have to lower
>> security settings for your site confuses and scares them. Educating a
>> user can be a challenge.
>>
>> On 10/13/04 6:25 AM, "John McGowan" <[EMAIL PROTECTED]> wrote:
>>
>>> Listen to Scott on this one. If you can educate just one user that
>>> turning session cookies back on isn't going to blow up their computer
>>> or get their credit card stolen then our society becomes one step
>>> closer to nirvana.
>>>
>>> If you were an auto dealer and a customer brought their car in and
>>> said they didn't "like to have the battery plugged in", but wanted to
>>> know why they couldn't start their car, would you install a hand crank
>>> for them to start their car?
>>>
>>> I know... It's a weak analogy... :)
>>>
>>> /John
>>>
>>> Scott Cadillac wrote:
>>>
>>>> Hi Steve,
>>>>
>>>> If you recall, the point and the conclusion on that long discussion
>>>> was "security" - if a user has session-cookies disabled, then so be
>>>> it. Just display a message telling them to turn it back on before
>>>> allowing them to proceed (provide instructions).
>>>>
>>>> This is the most secure way to handle session management for any web
>>>> platform (SSL is a different matter).
>>>>
>>>> The issue is about security - why compromise security for user
>>>> convenience. Giving them convenience now just delays more serious
>>>> problems until a later date.
>>>>
>>>> ----
>>>> Yes, additional user variables may be assigned on the Server because
>>>> of missing session-cookies. Unfortunately, it is one down-side to pay
>>>> for better security for your visitors.
>>>>
>>>> -----
>>>> As for testing for cookies, writing a bit of code for this is not
>>>> difficult - but keep in mind there is a difference between "session"
>>>> cookies and regular cookies, and that most every modern browser has
>>>> settings for both kinds (and that some browsers use different
>>>> terminology to describe these two kinds of cookies).
>>>>
>>>> Hope this helps. Cheers....
>>>>
>>>> Scott Cadillac,
>>>> XML-Extranet ~ 403-254-5002 ~ [EMAIL PROTECTED]
>>>> ------------
>>>> Well-formed Programming in C# ASP.NET, Witango and XML
>>>> For Hire ~ http://xmlx.ca/forhire
>>>> ------------
>>>> IExtranet ~ http://IExtranet.net
>>>> ------------
>>>> Weblog ~ http://xmlx.ca
>>>> Forums ~ http://forums.xmlx.ca
>>>> Knowledge Base ~ http://kb.xmlx.ca
>>>> ------------
>>>> P.O. Box 69006
>>>> RPO Bridlewood SW
>>>> Calgary, Alberta
>>>> Canada T2Y 4T9
>>>>
>>>> -----Original Message-----
>>>> From: "Fogelson, Steve" <[EMAIL PROTECTED]>
>>>> To: "Witango User Group (E-mail)" <[EMAIL PROTECTED]>
>>>> Date: Tue, 12 Oct 2004 15:40:48 -0500
>>>> Subject: Witango-Talk: Cookies
>>>>
>>>>> I have built my shopping cart application without <@userreference>
>>>>> tag at the end of each url. It seemed after all the discussion about
>>>>> a year ago that this was the way to go. Especially with search
>>>>> engine spiders and hijacked sessions.
>>>>>
>>>>> I talked to one of our online customers today and discovered that he
>>>>> was being assigned a new session id every time he added an item to
>>>>> his cart.
>>>>>
>>>>> I'm trying to figure out a strategy for handling customers that have
>>>>> disabled cookies, besides requiring them to sign in when entering
>>>>> the site.
>>>>>
>>>>> Is there a way to check to see if they have cookies disabled?
>>>>>
>>>>> Any ideas on how to handle customers that have disabled cookies?
>>>>>
>>>>> I am also concerned about all the user variables being created for
>>>>> this type of customer. Thanks in advance for your help.
>>>>>
>>>>> Steve Fogelson
>>>>> Internet Commerce Solutions
>>>>>
>>>>> ________________________________________________________________________
>>>>> TO UNSUBSCRIBE: Go to http://www.witango.com/developer/maillist.taf
>>
>> -----------------------------------------
>> Roland Dumas
>> Roberts Information Services
>> 310 W. Bellevue Avenue
>> San Mateo CA 94402
>> 650-347-1373
>> 415-412-9300 (cell)
>> [EMAIL PROTECTED]
>> SMS: http://new.servqual.com/html/sms.tml

-----------------------------------------
Roland Dumas
Roberts Information Services
310 W. Bellevue Avenue
San Mateo CA 94402
650-347-1373
415-412-9300 (cell)
[EMAIL PROTECTED]
SMS: http://new.servqual.com/html/sms.tml
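
The cookie check asked about in the thread, combined with the advice to show instructions instead of falling back to a session id in the URL, as an added Python example (not code from any poster, and not Witango). The cookie names, paths and the `handle`/`browse` helpers are hypothetical, the client is a constructed simulation, and `Secure` assumes the site is served over HTTPS.

```python
import secrets
from http.cookies import SimpleCookie

SESSIONS = {}          # server-side session store: session id -> cart items
PROBE = "cookietest"   # hypothetical probe cookie name
SID = "sid"            # hypothetical session cookie name

def handle(path, cookie_header=""):
    """Serve one request; returns (status, headers, body). The id never enters a URL."""
    jar = SimpleCookie(cookie_header)
    sid = jar[SID].value if SID in jar else None
    if sid in SESSIONS:
        return 200, [], f"cart has {len(SESSIONS[sid])} item(s)"
    if path == "/cookie-check":
        if PROBE not in jar:
            # Probe did not come back: cookies are off. Nothing is allocated
            # server-side, so such visitors do not pile up user variables.
            return 200, [], "Please enable session cookies, then reload."
        sid = secrets.token_urlsafe(32)
        SESSIONS[sid] = []
        # No Expires/Max-Age attribute, so the browser treats it as a session cookie.
        cookie = f"{SID}={sid}; Path=/; HttpOnly; Secure; SameSite=Lax"
        return 302, [("Set-Cookie", cookie), ("Location", "/")], ""
    # First contact: set a throwaway probe cookie and bounce through the check.
    return 302, [("Set-Cookie", f"{PROBE}=1; Path=/"), ("Location", "/cookie-check")], ""

def browse(accepts_cookies, max_hops=5):
    """Constructed client: follows redirects, storing cookies only if allowed."""
    jar, path = {}, "/"
    for _ in range(max_hops):
        header = "; ".join(f"{k}={v}" for k, v in jar.items())
        status, headers, body = handle(path, header)
        for name, value in headers:
            if name == "Set-Cookie" and accepts_cookies:
                k, v = value.split(";", 1)[0].split("=", 1)
                jar[k] = v
            elif name == "Location":
                path = value
        if status != 302:
            return body, jar
    return "redirect loop", jar

if __name__ == "__main__":
    print(browse(accepts_cookies=False)[0])
    print(browse(accepts_cookies=True)[0])
```
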
