Implementing Compact Privacy Policies Under IIS

We have a client who runs an ecommerce package called asp.net storefront (we are in the process of moving them to AbleCommerce). A few weeks back, they began to hear customers complaining that they could not add items to their cart, or that items in the cart would disappear. I traced this down to a cookie issue and updated default security settings in IE. The default security for the Internet zone in IE 7 is not to accept cookies from sites that do not have a Compact Privacy Policy.

This is basically a set of files conforming to the W3C P3P standard, consisting of the following:

p3p.xml – this is the policy reference file, and it should live in a directory named w3c at the root of the server.
clientname.p3p – (or .xml, as we’ll see later) this is the XML privacy policy
clientname.htm – this is the HTML privacy policy
clientname.txt – this is the compact policy file that is used to generate the HTTP headers

All of these files can be generated with a P3P tool from IBM: http://alphaworks.ibm.com/tech/p3peditor

A couple of caveats:
1. The compact policy file generated by the tool for the HTTP headers only contains this:
CP="CAO DSP CURa ADMa DEVa TAIa CONa OUR DELa BUS IND PHY ONL UNI PUR COM NAV DEM STA"

The full header should look like this:

P3P: policyref="http://www.CLIENT.com/w3c/p3p.xml", CP="CAO DSP CURa ADMa DEVa TAIa CONa OUR DELa BUS IND PHY ONL UNI PUR COM NAV DEM STA"

2. When generating the actual policy file, the tool wants to save a file with a .p3p file extension, which is fine if you add a MIME type mapping of .p3p to text/xml in IIS and restart your server. But if you don’t want to restart your server, you can just save it with an .xml file extension.
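As an added check for the first caveat (example code written for this post, not part of the IBM tool or the storefront), the following Python validates a P3P header value before it goes into the server configuration: it flags the tool's CP-only output as missing its policyref, rejects typographic quotes if the header is pasted with them, and checks each compact-policy token against a constructed subset of the P3P 1.0 vocabulary (an assumption of this example).

```python
import re

# Constructed subset of the P3P 1.0 compact-policy vocabulary (an assumption of this
# example, not taken from the post): tokens that take an a/i/o suffix
# (always / opt-in / opt-out) and tokens that stand alone.
SUFFIXED = {"CUR", "ADM", "DEV", "TAI", "PSA", "PSD", "IVA", "IVD", "CON", "HIS",
            "TEL", "OTP", "DEL", "SAM", "UNR", "PUB", "OTR"}
BARE = {"NOI", "ALL", "CAO", "IDC", "OTI", "NON", "DSP", "COR", "MON", "LAW", "NID",
        "OUR", "NOR", "STP", "LEG", "BUS", "IND", "PHY", "ONL", "UNI", "PUR", "COM",
        "NAV", "INT", "DEM", "CNT", "STA", "POL", "HEA", "PRE", "LOC", "GOV", "OTC",
        "TST"}

# Accepts either the bare header value or a full "P3P: ..." line; policyref is optional
# in the grammar, so its absence is reported as a problem rather than a parse failure.
HEADER_RE = re.compile(
    r'^\s*(?:P3P:\s*)?(?:policyref="([^"]+)"\s*,\s*)?CP="([^"]*)"\s*$')


def build_p3p_header(policyref, cp_tokens):
    """Assemble the full header value (policyref plus CP) the post says to send."""
    return 'policyref="%s", CP="%s"' % (policyref, " ".join(cp_tokens))


def check_p3p_header(value):
    """Return a list of problems with a P3P header value; an empty list means it is OK."""
    # Curly quotes survive copy/paste from web pages and are not valid header syntax.
    if any(ch in value for ch in "\u201c\u201d"):
        return ["typographic quotes in header; use straight ASCII double quotes"]
    m = HEADER_RE.match(value)
    if not m:
        return ['expected the form: policyref="<url>", CP="<tokens>"']
    policyref, cp = m.group(1), m.group(2)
    problems = []
    if policyref is None:
        problems.append("missing policyref (only the CP= part is present)")
    tokens = cp.split()
    if not tokens:
        problems.append("CP is empty")
    for tok in tokens:
        base, suffix = tok[:3], tok[3:]
        if base in SUFFIXED and suffix in ("", "a", "i", "o"):
            continue
        if base in BARE and suffix == "":
            continue
        problems.append("unknown compact-policy token %r" % tok)
    return problems
```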