IE6 has a new feature called "compact policies" which follow the specifications of the "Platform for Privacy Preferences (P3P) Project" developed by the World Wide Web Consortium (W3C). This feature causes IE6 to process cookies based on these policies. What this means is that your web site will need to have a Policy File which contains the compact policies which, in turn, will be processed by IE 6 to determine how it will handle the cookie you're setting...
Here is the link to the documentation on microsoft.com regarding this matter:
P3P | [reply] |
This does not answer your question, but it is an interesting finding I made while doing cookie work with IE 6.0.2600.0000.
On the default install of IE6, assuming you don't change any security settings, every session cookie (a cookie with an instant expiry time that IE6 doesn't write to disk) is not shared between open windows.
This means that if you copy the URL to a new window the cookie is not visible to that window. I tried it via a CGI to read the cookie and display its session ID, or send a new ID if none was found. I could open as many windows as I wanted and all received new session IDs and handled only that specific cookie. After relaxing some of the security settings (I forget which ones) it went back to its normal behaviour, as with IE5, of sharing cookies amongst all open windows. | [reply] |
I haven't used IE6, but a not so wild guess is Microsoft "security policy". It is the same thing as when Outlook says that ".txt" files may contain viruses, but ".doc" goes through as a known and trusted format. It is really pretty clever, since they are using the complaints about their software's unsafety to endorse their own formats and suchlike.
So I would suppose that there is a list of trusted sites, such as MS's own, and a few others in the same network or similar friends of theirs that are listed as trusted already?
I'm not sure exactly how to deal with it, if that is the default setting in IE6, other than stating on your site that IE6 users need to change their settings. Possibly also detect the browser to display the alert. Since it is a setting in the browser, I don't think you can possibly change that from your site; that would render it useless.
One other small thing I could think of is if you have cookies that aren't 100% complete with return paths and such, and IE6 croaks on that. You might wanna see to it that you explicitly say in your cookie that it should only be returned to the site that set it.
Not much help I'm afraid. | [reply] |
Thanks to Tye, this is solved. It seems to have something to do with the way MS IE6 handles the "Trusted Domains", and just dropping the domain from the cookie worked just fine.
Thanks to all who put up with my CGI learning curve in the CB.
"Nothing is sure but death and taxes" I say combine the two and it's death to all taxes! | [reply] |
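
An added example, not code from this thread: a small checker for the two things the replies point at, namely whether a response carries a P3P compact policy (`CP="..."`) header and whether each `Set-Cookie` is host-only or carries an explicit `Domain` attribute. The function name `audit_cookies`, the host names and the header values are constructed for illustration; the domain matching follows the general HTTP cookie rules, not any IE6-specific logic.

```python
import re

def audit_cookies(request_host, headers):
    """headers: list of (name, value) pairs from a single HTTP response."""
    host = request_host.lower().split(":")[0]          # drop any :port
    p3p = [v for n, v in headers if n.lower() == "p3p"]
    # A compact policy travels as CP="..." inside the P3P response header.
    m = re.search(r'CP\s*=\s*"([^"]*)"', p3p[0], re.I) if p3p else None
    report = {"compact_policy": m.group(1).split() if m else None, "cookies": []}
    for n, v in headers:
        if n.lower() != "set-cookie":
            continue
        parts = [p.strip() for p in v.split(";")]
        name = parts[0].split("=", 1)[0]
        attrs = {}
        for p in parts[1:]:
            key, _, val = p.partition("=")
            attrs[key.strip().lower()] = val.strip()
        domain = attrs.get("domain", "").lstrip(".").lower()
        notes = []
        if not domain:
            scope = "host-only"      # no Domain: returned only to the setting host
        elif host == domain or host.endswith("." + domain):
            scope = "domain"
            notes.append("explicit Domain: also sent to subdomains of " + domain)
        else:
            scope = "mismatch"       # cookie rules say such a cookie is ignored
            notes.append("Domain %r does not match host %r" % (domain, host))
        # A session cookie has neither Expires nor Max-Age and is not persisted.
        session = "expires" not in attrs and "max-age" not in attrs
        if report["compact_policy"] is None:
            notes.append("response has no P3P compact policy header")
        report["cookies"].append(
            {"name": name, "scope": scope, "session": session, "notes": notes})
    return report

# Constructed sample response headers (not captured from a real site).
SAMPLE = [
    ("Content-Type", "text/html"),
    ("P3P", 'policyref="/w3c/p3p.xml", CP="CAO PSA OUR"'),
    ("Set-Cookie", "sid=abc123; path=/"),
    ("Set-Cookie", "pref=1; domain=.example.com; path=/; "
                   "expires=Wed, 01 Jan 2003 00:00:00 GMT"),
    ("Set-Cookie", "track=9; domain=other.example.net"),
]

if __name__ == "__main__":
    for cookie in audit_cookies("www.example.com", SAMPLE)["cookies"]:
        print(cookie)
```
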