Bugs item #1949207, was opened at 2008-04-22 18:23
Message generated for change (Tracker Item Submitted) made by Item Submitter
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=108956&aid=1949207&group_id=8956
Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: User
Group: cvs
Status: Open
Resolution: None
Priority: 1
Private: No
Submitted By: bishop (bishopb)
Assigned to: Nobody/Anonymous (nobody)
Summary: Authenticated respondent kicked out of dashboard
Initial Comment:
After a successful login, an authenticated respondent is kicked out of the dashboard when accessing a phpESP instance from within a framed site that opens the phpESP in a frame using IE6.
This occurs because phpESP doesn't send a P3P compact security policy and the cookie is third-party, which IE6 refuses in the default configuration ("Medium"):
“Internet Explorer prevents Web sites from storing third-party cookies that do not have a compact privacy policy or that use personally identifiable information without your explicit consent. The browser also prevents Web sites from storing first-party cookies that use personally identifiable information without your implicit consent.”
The solution is to send a proper P3P header that will quiesce IE6, as described here:
http://www.oreillynet.com/mac/blog/2002/06/p3p_in_ie6_frustrating_failure.html