Hi Rick,

> Actually by default in MSIE, session cookies are disabled. To allow
> session cookies, you actually have to manually turn them on.
>
> This has been since SP1 of Windows XP, or MSIE 6. MSIE 6 has tightened
> security, so when you install it by default, session cookies, first
> party, and third party cookies are all disabled.

Check out the following article.

http://support.microsoft.com/default.aspx?scid=kb;en-us;283185

I think you'll find that this is generally not the case, but of course there are always exceptions to every rule, depending on where you get your software and hardware, etc...

> So, an average user won't know this. If a user is concerned about
> security, they can just enable session cookies, but disable the rest.
> This way, your WiTango applications will work.
>
> And, cookies have become a major security issue. Not because of
> viruses, but Adware that can track everything you type on the web and
> send it back to a marketing company. So, the tracking cookies have
> become a big security issue.

Again, it's not the battery's fault.

Note, tracking cookies (3rd party) are different than session-cookies and most modern browsers provide separate settings for each.

> Adware can also slow down your computer, and cause the browser to not
> function properly either.

Adware of this nature goes way beyond a problem with cookies.

> I hope this information is useful.

Edumacation is always a useful thing. Thank you.....

> Rick Sanders
>
> > Hi Roland,
> >
> > I hear ya - but actually...turning up the Security settings in MSIE
> > to "high" does _not_ disable regular cookie or "session" cookie
> > functionality. Security and cookies are two different things.
> >
> > Most settings in modern browsers do not directly connect cookies and
> > security - because cookies are not actually a "Security" issue, they
> > are a "Privacy" issue.
> >
> > This includes Windows XP SP2.
> >
> > With the way cookie settings work with most every brand of browser
> > these days - a user has to go into their settings/preferences and
> > deliberately disable the "session" cookie settings themselves,
> > therefore they should know how to turn them back on.
> >
> > Hope this helps. Cheers...
> >
> > Scott Cadillac,
> > XML-Extranet ~ 403-254-5002 ~ [EMAIL PROTECTED]
> > ------------
> > Well-formed Programming in C# ASP.NET, Witango and XML
> > For Hire ~ http://xmlx.ca/forhire
> > ------------
> > IExtranet ~ http://IExtranet.net
> > ------------
> > Weblog ~ http://xmlx.ca
> > Forums ~ http://forums.xmlx.ca
> > Knowledge Base ~ http://kb.xmlx.ca
> > ------------
> > P.O. Box 69006
> > RPO Bridlewood SW
> > Calgary, Alberta
> > Canada T2Y 4T9
> >
> > -----Original Message-----
> > From: Roland Dumas <[EMAIL PROTECTED]>
> > To: "[EMAIL PROTECTED]" <[EMAIL PROTECTED]>
> > Date: Wed, 13 Oct 2004 07:17:00 -0700
> > Subject: Re: Witango-Talk: Cookies
> >
> >> Many with cookies off don't know about cookies. They just dialed up
> >> the "security" setting in MSIE to "high" after reading articles on
> >> all the evil things that lurk on the web. Telling them that they
> >> have to lower security settings for your site confuses and scares
> >> them. Educating a user can be a challenge.
> >>
> >> On 10/13/04 6:25 AM, "John McGowan" <[EMAIL PROTECTED]> wrote:
> >>
> >> > Listen to Scott on this one. If you can educate just one user
> >> > that turning session cookies back on isn't going to blow up their
> >> > computer or get their credit card stolen then our society becomes
> >> > one step closer to nirvana.
> >> >
> >> > If you were an auto dealer and a customer brought their car in
> >> > and said they didn't "like to have the battery plugged in", but
> >> > wanted to know why they couldn't start their car, would you
> >> > install a hand crank for them to start their car?
> >> >
> >> > I know... It's a weak analogy... :)
> >> >
> >> > /John
> >> >
> >> > Scott Cadillac wrote:
> >> >
> >> >> Hi Steve,
> >> >>
> >> >> If you recall, the point and the conclusion on that long
> >> >> discussion was "security" - if a user has session-cookies
> >> >> disabled, then so be it. Just display a message telling them to
> >> >> turn it back on before allowing them to proceed (provide
> >> >> instructions).
> >> >>
> >> >> This is the most secure way to handle session management for any
> >> >> web platform (SSL is a different matter).
> >> >>
> >> >> The issue is about security - why compromise security for user
> >> >> convenience. Giving them convenience now just delays more
> >> >> serious problems until a later date.
> >> >>
> >> >> ----
> >> >> Yes, additional user variables may be assigned on the Server
> >> >> because of missing session-cookies. Unfortunately, it is one
> >> >> down-side to pay for better security for your visitors.
> >> >>
> >> >> -----
> >> >> As for testing for cookies, writing a bit of code for this is
> >> >> not difficult - but keep in mind there is a difference between
> >> >> "session" cookies and regular cookies, and that most every
> >> >> modern browser has settings for both kinds (and that some
> >> >> browsers use different terminology to describe these two kinds
> >> >> of cookies).
> >> >>
> >> >> Hope this helps. Cheers....
> >> >>
> >> >> Scott Cadillac,
> >> >> XML-Extranet ~ 403-254-5002 ~ [EMAIL PROTECTED]
> >> >>
> >> >> -----Original Message-----
> >> >> From: "Fogelson, Steve" <[EMAIL PROTECTED]>
> >> >> To: "Witango User Group (E-mail)" <[EMAIL PROTECTED]>
> >> >> Date: Tue, 12 Oct 2004 15:40:48 -0500
> >> >> Subject: Witango-Talk: Cookies
> >> >>
> >> >>> I have built my shopping cart application without
> >> >>> <@userreference> tag at the end of each url. It seemed after
> >> >>> all the discussion about a year ago that this was the way to
> >> >>> go. Especially with search engine spiders and hijacked
> >> >>> sessions.
> >> >>>
> >> >>> I talked to one of our online customers today and discovered
> >> >>> that he was being assigned a new session id every time he added
> >> >>> an item to his cart.
> >> >>>
> >> >>> I'm trying to figure out a strategy for handling customers that
> >> >>> have disabled cookies, besides requiring them to sign in when
> >> >>> entering the site.
> >> >>>
> >> >>> Is there a way to check to see if they have cookies disabled?
> >> >>>
> >> >>> Any ideas on how to handle customers that have disabled
> >> >>> cookies?
> >> >>>
> >> >>> I am also concerned about all the user variables being created
> >> >>> for this type of customer. Thanks in advance for your help.
> >> >>>
> >> >>> Steve Fogelson
> >> >>> Internet Commerce Solutions
> >> >>>
> >> >>> ________________________________________________________________________
> >> >>> TO UNSUBSCRIBE: Go to http://www.witango.com/developer/maillist.taf
> >>
> >> -----------------------------------------
> >> Roland Dumas
> >> Roberts Information Services
> >> 310 W. Bellevue Avenue
> >> San Mateo CA 94402
> >> 650-347-1373
> >> 415-412-9300 (cell)
> >> [EMAIL PROTECTED]
> >> SMS: http://new.servqual.com/html/sms.tml
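
Steve's question (how to check whether cookies are disabled) and Scott's advice (show a message instead of falling back to a session id in the URL), sketched as an added example that is not part of the thread and is not Witango code: a Python WSGI handler sends a probe cookie, redirects once, and allocates server-side state only after the probe comes back. The cookie names `probe` and `sid`, the `cookietest` parameter, the `/cart` path and the `fetch` helper are assumptions made for the illustration.

```python
import secrets
from http.cookies import SimpleCookie
from urllib.parse import parse_qs

SESSIONS = {}  # sid -> cart items; stands in for server-side user variables

def set_cookie(name, value):
    # No Expires/Max-Age, so the browser treats it as a session cookie.
    # Add "; Secure" when the site is served over HTTPS.
    return ("Set-Cookie", f"{name}={value}; Path=/; HttpOnly; SameSite=Lax")

def app(environ, start_response):
    jar = SimpleCookie(environ.get("HTTP_COOKIE", ""))
    cookies = {name: morsel.value for name, morsel in jar.items()}
    path = environ.get("PATH_INFO", "/")
    probed = "cookietest" in parse_qs(environ.get("QUERY_STRING", ""))

    if cookies.get("sid") in SESSIONS:
        # A session id the server issued arrived in a cookie: proceed.
        start_response("200 OK", [("Content-Type", "text/plain")])
        return [b"cart ready"]
    if cookies.get("probe") == "1":
        # Probe came back, so cookies work: only now allocate server state.
        sid = secrets.token_urlsafe(32)
        SESSIONS[sid] = []
        start_response("302 Found", [set_cookie("sid", sid), ("Location", path)])
        return [b""]
    if probed:
        # Probe was sent with the previous response and did not come back.
        start_response("200 OK", [("Content-Type", "text/plain")])
        return [b"Please enable session cookies, then reload this page."]
    # First contact: send the probe cookie and allocate nothing yet.
    start_response("302 Found",
                   [set_cookie("probe", "1"), ("Location", path + "?cookietest=1")])
    return [b""]

def fetch(path="/cart", query="", cookie=""):
    """Drive the app offline; returns (status, headers dict, body)."""
    seen = {}
    def start_response(status, headers):
        seen["status"], seen["headers"] = status, dict(headers)
    environ = {"PATH_INFO": path, "QUERY_STRING": query, "HTTP_COOKIE": cookie}
    body = b"".join(app(environ, start_response))
    return seen["status"], seen["headers"], body
```

A browser with cookies off costs one redirect and no stored state, and a `sid` value the server never issued is ignored rather than adopted.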
