Session cookie not working in IE: P3P site compliance

A few days ago I faced a problem with cookies and sessions while working in IE.
I have made a widget for a particular site, and this widget offers a login form so the user can log in to the main site.
To show the login form I have used a popup which is actually an iframe. This login code works fine with Mozilla, Google Chrome and Safari.
Session and cookies are working fine. But when I tried in IE, session and cookies did not work properly and it showed a “devil eye” at the bottom, in the status bar of IE.

I searched a lot to find a solution for this and I came to know about P3P. The following tutorial will help you all to resolve this kind of problem.

What is P3P?

P3P is the Platform for Privacy Preferences Project. It was developed by the W3C (World Wide Web Consortium) as a protocol for providing automated privacy information to the end user, giving them more control over their own personal information at the web sites they visit.

P3P websites offer privacy information in a machine readable format and P3P enabled browsers can read this and compare it to their own privacy standards. This protocol provides a standardization of privacy statements and presents it in a format that allows surfers to act on the information they are provided with.

Some Advantages:

  • The user can set up one-to-one relationships with different web sites, varying the amount of data divulged according to his/her comfort level with the web site/company.
  • The user can seamlessly transfer personal information to web sites/companies without typing information repeatedly.
  • The user will know how the web site is going to use the personal information being collected.
  • The user can make/decide on exceptions. A user can vary which information can be disclosed depending upon the usefulness of the data or the service provided by the web site.

How do I implement P3P on my site?

First, you need a privacy statement for your site that surfers can read, or you can use the HTML privacy statement that is generated with the P3P editor we’re going to download. Download P3P Editor. This link will take you to the alphaWorks site, simply click on the download button in the upper right-hand corner and follow the instructions.

The P3P Editor

If the editor installed the first time, great. If you got an error stating that the JVM could not be found, you need to download the Java Environment Runtime file which is located here: JER Download. Follow the link and scroll down to the download button. The P3P editor and the JER file total about 11 megs so if you are on a slow connection get a cup of coffee.

After installation of both downloads you’re ready to begin making your website P3P compliant.

The P3P Editor will create four files, a policy file, written in XML, a reference file, written in XML, a compact policy* and an HTML version of the privacy statement that you can use on your site as your privacy statement if you don’t wish to reference your site’s current privacy statement, or if your site doesn’t have one.

In addition to the four files already mentioned, I recommend creating two additional HTML files, an opt_out.htm and a dispute.htm. Before opening the editor, create a w3c directory and a privacy directory on your server. If you don’t have access to create your own directories you can still make your site P3P compliant, I’ll address that at the end of this tutorial. For now let’s get on to actually creating the files you need.

The editor comes with instructions, lots of them. What you need to know is quite simple though. Open the editor and after a few seconds a screen will appear presenting four options, Create A Blank Policy, Create A Policy From a Template, Edit an Existing Policy or View The Getting Started Guide. For now, choose Create a Policy From a Template. You will be presented with 6 more options. If you understand XML completely, and wish to wander off on your own from here, please feel free. If you aren’t comfortable with XML I suggest selecting Access Logging and User Tracking. Nearly all websites do this in one form or another. Select Okay, and the screen will change to one with 5 tabs on the bottom section, the Error Tab may be highlighted. Don’t worry about those tabs yet.

Creating Your P3P Policy

At the right-hand side of the application, there’s an icon of a hand holding a page. Click that. A screen will appear presenting Privacy Policy Properties. The Organization Tab will be selected by default. Fill in the information fields, and please note that all information is required. After supplying the required information move on to the Websites tab. For Policy Name, I suggest using policy1.xml. This allows for more than one privacy statement later and uses the proper syntax required by XML. Remember that Opt_out.htm file I mentioned earlier? This is where you enter that URL information. It’s important to keep track of this as you will need to name the files correctly and upload them into the proper directory in order to validate your site later. Move on to the URL of human readable privacy policy and enter the URL. Click Okay and move on to the Access tab. The Access field presents 6 options, read them all and decide which one is correct for your site. I allow user access to all identifiable information so I chose All Information on the User.

After clicking Okay, it’s on to the Assurances field. A screen will appear with a blank section and an Add button. Click Add and a new screen will appear with three new tabs: General, Remedies and Image. General is selected by default and asks for a name, a URL and a type. Choose whatever name you like, keeping in mind that this is the page users will be sent to if they have a dispute regarding your privacy policy. This is also the field where you enter the URL of the dispute.htm file you created earlier. You did create that file, right? If you didn’t, it’s okay, but you need to remember the name of the file and the URL in order to make sure that you get the files in the right place. For Type I chose customer service. You can leave the description field blank for the moment and click Okay. Click the Remedies tab and you will be presented with three options. I chose the first one, but you are free to choose the remedy you prefer. The Image tab is for your Certifications image if you have one. Enter the information for your certification (don’t worry about it if you don’t have one) and click Okay. The last field is Expiry; simply enter the date you wish your policy to expire on. Click Okay.

You should return to the New Policy screen, and the Errors tab should no longer be highlighted. A message should appear in the bottom text window stating that No errors have been detected in this policy. Your policy files have been created, now they just need to be saved.

The Reference File

Click File, then select Create Reference File. If you have one policy, select the One Policy Radio button and click next. You then need to fill in the URL information. It’s important if you can to upload this file, which you will save as p3p.xml, to the w3c directory you created. This keeps you from having to add a link to every page, or using HTTP headers to allow for validation and compliance. Your URL should look like this: w3c/policy/#p3p.xml. The hash mark is required and the editor will display an error message if it isn’t in the path. Click okay and it will create the reference file, then click Finish, save the file as p3p.xml, type that into the box, and save it where you can find it. I saved it to desktop.

Your Policy File

Repeat the process for your policy file, saving it as policy1.xml.

Your HTML File

There’s an option to save HTML File in the same menu you saved your other files in. This CAN be your human readable privacy statement. Simply save it as privacy.htm and upload it to the directory referenced in your XML policy.

Uploading the Files

Upload your p3p.xml file to the w3c directory. Upload your policy1.xml file to the privacy directory. Upload the other files, HTML privacy statement, dispute.htm, and opt_out.htm to the directory you referenced while creating your p3p policy. Using privacy as the default directory makes this quite simple.
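Before uploading, the link between the reference file and the policy file can be checked locally. The script below is an added example, not part of the original article or of the P3P Editor: it assumes the P3P 1.0 layout in which each POLICY-REF `about` attribute is a policy file path followed by `#policy-name`, and the sample XML, the example.com URLs and the `check_p3p` helper are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urldefrag

NS = "{http://www.w3.org/2002/01/P3Pv1}"  # P3P 1.0 XML namespace

# Constructed samples using the tutorial's file names, trimmed to what is checked.
REFERENCE_XML = """<META xmlns="http://www.w3.org/2002/01/P3Pv1">
 <POLICY-REFERENCES>
  <POLICY-REF about="/privacy/policy1.xml#policy1">
   <INCLUDE>/*</INCLUDE>
  </POLICY-REF>
  <POLICY-REF about="/privacy/policy1.xml">
   <INCLUDE>/shop/*</INCLUDE>
  </POLICY-REF>
 </POLICY-REFERENCES>
</META>"""

POLICY_XML = """<POLICIES xmlns="http://www.w3.org/2002/01/P3Pv1">
 <POLICY name="policy1"
         discuri="http://www.example.com/privacy/privacy.htm"
         opturi="http://www.example.com/privacy/opt_out.htm"/>
</POLICIES>"""


def check_p3p(reference_xml, policies_by_path):
    """Return problems found in a policy reference file (p3p.xml).

    policies_by_path maps a policy file path to its XML text and stands
    in for the files uploaded to the server (hypothetical helper input).
    """
    problems = []
    for ref in ET.fromstring(reference_xml).iter(NS + "POLICY-REF"):
        about = ref.get("about", "")
        path, name = urldefrag(about)  # split "file#policy-name"
        if not name:
            problems.append(f"{about}: missing #policy-name fragment")
        elif path not in policies_by_path:
            problems.append(f"{about}: policy file not found")
        else:
            root = ET.fromstring(policies_by_path[path])
            match = [p for p in root.iter(NS + "POLICY") if p.get("name") == name]
            if not match:
                problems.append(f"{about}: no POLICY named {name}")
            elif not match[0].get("discuri"):
                problems.append(f"{about}: POLICY has no discuri")
    return problems


if __name__ == "__main__":
    print(check_p3p(REFERENCE_XML, {"/privacy/policy1.xml": POLICY_XML}))
```

The second POLICY-REF in the sample is deliberately missing its fragment, so the script reports it while accepting the first one.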

Now you’re ready to validate

Go to http://www.w3.org/P3P/validator/20010928/ and type in your URI. If you validate, and you should, you can send your URL to the list of P3P compliant sites for inclusion that is listed at the validation site.

If you uploaded your reference file to the w3c directory, you can ignore the NO Link and NO HTTP header errors the validator produces. If you can’t create your own directories, you need to append
to every page on your site. Congratulations. You are now P3P Compliant.

A note about the compact policy

I get more questions about the compact policy than any other issue associated with P3P. First, the FACTS.

Original Article : http://evolt.org/node/20756

3 Comments

  • Hello Amit,

    I have created policy.xml, p3p.xml, added p3p header and also created.

    When I run my policy.xml through P3P validation, it shows warnings like:

    Message: line 2: discuri attribute of element can be accessed.

    Message: line 19: service attribute of element can be accessed.

    Message: line 21: src attribute of element can be accessed.

    Can you please help me solve these messages?

    Please reply soon. I have been working on this for 1 day…

    Thanks in advance….
    Bijal

  • Can you please send me the files by email so that I can try to find the solution? My email id= shrikantjadhav86 (@) gmail.com

  • Hi Bijal,

    In which step do you get this error message? In step 4, “Policy File Validation”? If you are getting “Policy file has no syntax errors.” in the next step along with these 3 warnings, then it should still work.
    Can you please post the complete result here?
