Hi Roland,

Yes, the Privacy and Security settings are different.

This is the part that requires instructions for the user.

Cheers...

-----Original Message-----
From: Roland Dumas <[EMAIL PROTECTED]>
To: "[EMAIL PROTECTED]" <[EMAIL PROTECTED]>
Date: Wed, 13 Oct 2004 08:06:52 -0700
Subject: Re: Witango-Talk: Cookies

> Actually, I was thinking of the "privacy" setting. Have had several cases of
> people just running up to the top and not reading that they were turning
> cookies off.
>
> On 10/13/04 7:50 AM, "Scott Cadillac" <[EMAIL PROTECTED]> wrote:
>
> > Hi Roland,
> >
> > I hear ya - but actually...turning up the Security settings in MSIE to
> > "high" does _not_ disable regular cookie or "session" cookie functionality.
> > Security and cookies are two different things.
> >
> > Most settings in modern browsers do not directly connect cookies and
> > security - because cookies are not actually a "Security" issue, they are a
> > "Privacy" issue.
> >
> > This includes Windows XP SP2.
> >
> > With the way cookie settings work with most every brand of browser these
> > days - a user has to go into their settings/preferences and deliberately
> > disable the "session" cookie settings themselves, therefore they should
> > know how to turn them back on.
> >
> > Hope this helps. Cheers...
> >
> > Scott Cadillac,
> > XML-Extranet ~ 403-254-5002 ~ [EMAIL PROTECTED]
> > ------------
> > Well-formed Programming in C# ASP.NET, Witango and XML
> > For Hire ~ http://xmlx.ca/forhire
> > ------------
> > IExtranet ~ http://IExtranet.net
> > ------------
> > Weblog ~ http://xmlx.ca
> > Forums ~ http://forums.xmlx.ca
> > Knowledge Base ~ http://kb.xmlx.ca
> > ------------
> > P.O. Box 69006
> > RPO Bridlewood SW
> > Calgary, Alberta
> > Canada T2Y 4T9
> >
> > -----Original Message-----
> > From: Roland Dumas <[EMAIL PROTECTED]>
> > To: "[EMAIL PROTECTED]" <[EMAIL PROTECTED]>
> > Date: Wed, 13 Oct 2004 07:17:00 -0700
> > Subject: Re: Witango-Talk: Cookies
> >
> >> Many with cookies off don't know about cookies. They just dialed up the
> >> "security" setting in MSIE to "high" after reading articles on all the
> >> evil things that lurk on the web. Telling them that they have to lower
> >> security settings for your site confuses and scares them. Educating a
> >> user can be a challenge.
> >>
> >> On 10/13/04 6:25 AM, "John McGowan" <[EMAIL PROTECTED]> wrote:
> >>
> >>> Listen to Scott on this one. If you can educate just one user that
> >>> turning session cookies back on isn't going to blow up their computer or
> >>> get their credit card stolen then our society becomes one step closer to
> >>> nirvana.
> >>>
> >>> If you were an auto dealer and a customer brought their car in and said
> >>> they didn't "like to have the battery plugged in", but wanted to know
> >>> why they couldn't start their car, would you install a hand crank for
> >>> them to start their car?
> >>>
> >>> I know... It's a weak analogy... :)
> >>>
> >>> /John
> >>>
> >>> Scott Cadillac wrote:
> >>>
> >>>> Hi Steve,
> >>>>
> >>>> If you recall, the point and the conclusion on that long discussion was
> >>>> "security" - if a user has session-cookies disabled, then so be it.
> >>>> Just display a message telling them to turn it back on before allowing
> >>>> them to proceed (provide instructions).
> >>>>
> >>>> This is the most secure way to handle session management for any web
> >>>> platform (SSL is a different matter).
> >>>>
> >>>> The issue is about security - why compromise security for user
> >>>> convenience. Giving them convenience now just delays more serious
> >>>> problems until a later date.
> >>>>
> >>>> ----
> >>>> Yes, additional user variables may be assigned on the Server because of
> >>>> missing session-cookies. Unfortunately, it is one down-side to pay for
> >>>> better security for your visitors.
> >>>>
> >>>> -----
> >>>> As for testing for cookies, writing a bit of code for this is not
> >>>> difficult - but keep in mind there is a difference between "session"
> >>>> cookies and regular cookies, and that most every modern browser has
> >>>> settings for both kinds (and that some browsers use different
> >>>> terminology to describe these two kinds of cookies).
> >>>>
> >>>> Hope this helps. Cheers....
> >>>>
> >>>> -----Original Message-----
> >>>> From: "Fogelson, Steve" <[EMAIL PROTECTED]>
> >>>> To: "Witango User Group (E-mail)" <[EMAIL PROTECTED]>
> >>>> Date: Tue, 12 Oct 2004 15:40:48 -0500
> >>>> Subject: Witango-Talk: Cookies
> >>>>
> >>>>> I have built my shopping cart application without <@userreference> tag
> >>>>> at the end of each url. It seemed after all the discussion about a
> >>>>> year ago that this was the way to go. Especially with search engine
> >>>>> spiders and hijacked sessions.
> >>>>>
> >>>>> I talked to one of our online customers today and discovered that he
> >>>>> was being assigned a new session id every time he added an item to his
> >>>>> cart.
> >>>>>
> >>>>> I'm trying to figure out a strategy for handling customers that have
> >>>>> disabled cookies, besides requiring them to sign in when entering the
> >>>>> site.
> >>>>>
> >>>>> Is there a way to check to see if they have cookies disabled?
> >>>>>
> >>>>> Any ideas on how to handle customers that have disabled cookies?
> >>>>>
> >>>>> I am also concerned about all the user variables being created for
> >>>>> this type of customer. Thanks in advance for your help.
> >>>>>
> >>>>> Steve Fogelson
> >>>>> Internet Commerce Solutions
> >>>>>
> >>>>> ________________________________________________________________________
> >>>>> TO UNSUBSCRIBE: Go to http://www.witango.com/developer/maillist.taf
> >>
> >> -----------------------------------------
> >> Roland Dumas
> >> Roberts Information Services
> >> 310 W. Bellevue Avenue
> >> San Mateo CA 94402
> >> 650-347-1373
> >> 415-412-9300 (cell)
> >> [EMAIL PROTECTED]
> >> SMS: http://new.servqual.com/html/sms.tml
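
Added example, not part of the thread or of Witango: the cookie test and the "turn it back on" page discussed above, written as a Python WSGI handler because the thread itself contains no code. The cookie names `ck` and `sid`, the `/cart` path and the `probe` parameter are assumptions; server-side state is created only after a cookie has come back, so visitors with cookies off (and spiders) allocate nothing, and the session id never appears in a URL.

```python
# Added example (not from the thread). All names here are hypothetical.
import secrets
from http.cookies import SimpleCookie
from urllib.parse import parse_qs

PROBE, SID = "ck", "sid"   # assumed cookie names
SESSIONS = {}              # server-side store: session id -> cart items

def handle(query_string, cookie_header):
    """Return (status, headers, body) for a request to /cart."""
    jar = SimpleCookie(cookie_header or "")
    sid = jar[SID].value if SID in jar else None
    if sid in SESSIONS:
        # Known id issued by us: normal cart request.
        return "200 OK", [], f"cart: {len(SESSIONS[sid])} item(s)"
    if PROBE in jar:
        # Probe cookie came back, so cookies work. Only now allocate state,
        # with an id generated here (a client-supplied sid is never adopted).
        sid = secrets.token_urlsafe(32)
        SESSIONS[sid] = []
        # No Expires/Max-Age: a session cookie, gone when the browser closes.
        cookie = f"{SID}={sid}; Path=/; HttpOnly; SameSite=Lax"
        return "200 OK", [("Set-Cookie", cookie)], "cart: 0 item(s)"
    if parse_qs(query_string).get("probe") == ["1"]:
        # Probe was sent on the previous hop and not returned: cookies are off.
        # No URL fallback for the id; show instructions instead.
        return "200 OK", [], "Please enable session cookies to use the cart."
    # First contact: send the probe cookie and redirect to see if it returns.
    return "302 Found", [("Set-Cookie", f"{PROBE}=1; Path=/"),
                         ("Location", "/cart?probe=1")], ""

def app(environ, start_response):
    """WSGI wrapper so handle() can be served, e.g. with wsgiref."""
    status, headers, body = handle(environ.get("QUERY_STRING", ""),
                                   environ.get("HTTP_COOKIE"))
    start_response(status, headers + [("Content-Type", "text/plain")])
    return [body.encode()]
```

When the site is served over HTTPS, the `sid` cookie should also carry the `Secure` attribute.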
