Page 1 of 1

PHP / P3P Problem ??

Posted: Mon Feb 21, 2005 6:05 pm
by wornout
Hi
I'm having trouble with sessions / P3P compact privacy policy etc and IE6

I have a static HTML page - this uses JavaScript to pull information from a PHP script on another site - theory is that anyone can use this JavaScript on their own pages to pull real time information from my site.

This all works fine and the required information is displayed on the static HTML page. It updates fine - no problem there. However, IE6 shows an eye icon and no entry sign on the static HTML page and nothing I do gets rid of it.

Clicking on the symbol opens a box saying "Based on your privacy settings, some cookies were restricted or blocked"
Clicking on Summary opens a box saying "Could not find a privacy policy for http://www.domain.com/script.php. To view this site's privacy policy, contact the Web site directly."

After a bit of searching, it seems I [/b]may need to add a P3P compacy privacy policy to my PHP script. I've done this, I've still got the problem........

In the first instance, people will visit the web pages with the JavaScript - my script simply starts a session - it does not set any other cookies.

Does anyone know where I'm going wrong?

The JavaScript on the static HTML page is:

Code: Select all

<script language="JavaScript" src="http://www.domain.com/script.php"> </script>
The PHP script on my site begins with:

Code: Select all

<?php
session_start();
header("Cache-Control: "); 
header("pragma: "); 
document.write('Total:&nbsp;&nbsp;<? echo $total; ?>');
If a session has not been set before, the total will be zero. This is displayed in the static HTML page (this works fine apart from the eye/no entry icon).

I have tried adding the P3P compact privacy policy in every location in the PHP script, but I can't get rid of the eye / no entry symbol on IE6. It just doesn't work.

I have tried various P3P privacy policies including:

Code: Select all

header('P3P: CP="CAO DSP LAW ADMa DEVa OUR IND PHY ONL UNI PUR COM NAV INT DEM CNT STA PRE OTC"');
header('P3P: CP="TST"');
header('P3P: CP="NOI DSP COR NID NOR"');
But I still can't get rid of the eye/no entry symbols .............
(I did create my own P3P policy but it didn't work either)

Please can someone give me a clue as to why this isn't working??
Thanks in advance ............

Posted: Mon Feb 21, 2005 7:21 pm
by Chris Corbyn
What are your IE security/privacy settings at the moment? Other people will get this too if they have a high enough security level set in IE.

Posted: Mon Feb 21, 2005 8:12 pm
by wornout
Hi
Mine are the medium (default?) settings
Yes, everyone else with IE6 will get it too .......

Posted: Fri Feb 25, 2005 12:01 pm
by wornout
Is anyone else able to help with this??

Posted: Fri Feb 25, 2005 2:42 pm
by smpdawg
Do you have a site with a working example that we can look at?

Posted: Mon Feb 28, 2005 3:41 am
by Weirdan

Code: Select all

header('P3P: policyref="http://site.com/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa OUR NOR UNI COM NAV STA"');
works with default IE settings (it's a script for click stats, definitely you will need to develop your own privacy policy [matching your business practices]).