Cookies & P3P Privacy Policy Problems

They have: 2 posts

Joined: Dec 2003

I have an affiliate program set up on my domain. This program uses cookies to track sales. I was having problems with the cookies being blocked by IE, since I didn't have a compact privacy policy. So I downloaded IBM's P3P policy maker and made a compact privacy policy. And that fixed it. But....

In my affiliate program I have TWO programs. The first one is on the same domain as the actual affiliate script (the one I talked about above) and with the policy in place it DOESN'T block cookies on that domain. But the second program is on a different domain but the cookie is still served from the affiliate script domain. So I created a policy for this domain as well and it blocks the cookies still!

I imagine it has something to do with the cookie trying to be served not being on the same domain as the order page. How can I fix this? I need to be able to run multiple affiliate programs that are all on different domains, while the affiliate script and cookies are on one domain. Any way I can do this?

My P3P compact privacy policies are fully compliant and they are supposed to work on all security settings in IE. It says...

-----------------------------
Satisfactory policy: this compact policy is considered satisfactory according to the rules defined by Internet Explorer 6. IE6 will accept cookies accompanied by this policy under the High, Medium High, Medium, Low, and Accept All Cookies settings.
-----------------------------

So how do I get IE to NOT block cookies that are being served from a different domain than the order page?

Thanks
Tom

Suzanne

She has: 5,507 posts

Joined: Feb 2000

You can't, that's the point of the settings, to prevent people from setting cookies from different domains other than the secure domain.

They have: 2 posts

Joined: Dec 2003

So how does affiliate network software work? Such as CJ? The software is on a central server right? So how do all the different merchant sites track their sales with cookies?

And more importantly how do I track my sales from multiple domains using an affiliate script located on a different domain? Surely it can be done.

Any suggestions?

Thanks

Suzanne

She has: 5,507 posts

Joined: Feb 2000

Sure you can do it -- just not without the warning.

Cookies are a very inaccurate and insecure way of tracking anything. It's better to write to a database and issue reports, but then you're taking the word of the companies with whom you are "affiliated". Which is right, since it's their $$.

Better to use sessions for tracking.

Referrers and cookies are both easily hacked.

They have: 461 posts

Joined: Jul 2003

Suzanne wrote: Sure you can do it -- just not without the warning.

Cookies are a very inaccurate and insecure way of tracking anything. It's better to write to a database and issue reports, but then you're taking the word of the companies with whom you are "affiliated". Which is right, since it's their $$.

Better to use sessions for tracking.

Referrers and cookies are both easily hacked.

from my understanding, sessions use either get, post, or cookies.
post can only be done on forms, and you can tell it if it is allowed to use cookies, but then you have those long long urls and have to be aware of limitations there.

unless i'm wrong, sessions' security is dependent upon what it uses.
if you really want to secure it, there's a person on the other forums i have found useful who, as his grad/doctoral thesis, has literally written the book on secure cookies that you could talk to. there's also a guy from scotland that's rather active there that's a security expert.

the site: http://forums.devnetwork.net/

i know there's a growing number of cross over right now... as i said to a few that showed up there, this is rather superior in the non-php, especially mark's willingness and response speed on mysql. yet the sheer number there makes them faster for php

POSIX. because a stable os that doesn't have memory leaks and isn't buggy is always good.
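
The last replies point out that cookies are easily tampered with and that a session is only as trustworthy as whatever carries it. As an added example (not code from any poster or from the affiliate script discussed in this thread), here is one way a server can make an affiliate tracking cookie tamper-evident with an HMAC; the secret key, the field layout and the 30-day referral window are assumptions.

```python
import base64
import hashlib
import hmac
import time

# Assumptions for this sketch: a server-side secret and a 30-day referral window.
SECRET_KEY = b"constructed-demo-key-keep-out-of-source-control"
MAX_AGE_SECONDS = 30 * 24 * 3600


def _sign(payload: str) -> str:
    """HMAC-SHA256 over the payload, URL-safe base64 so it fits in a cookie."""
    digest = hmac.new(SECRET_KEY, payload.encode(), hashlib.sha256).digest()
    return base64.urlsafe_b64encode(digest).decode().rstrip("=")


def issue_tracking_cookie(affiliate_id, program, now=None):
    """Build the cookie value: affiliate|program|issued_at|mac."""
    if "|" in affiliate_id or "|" in program:
        raise ValueError("field contains the delimiter")
    issued = int(time.time()) if now is None else now
    payload = f"{affiliate_id}|{program}|{issued}"
    return f"{payload}|{_sign(payload)}"


def verify_tracking_cookie(value, now=None):
    """Return (affiliate_id, program) if the cookie is authentic and fresh, else None."""
    parts = value.split("|")
    if len(parts) != 4:
        return None
    affiliate_id, program, issued, mac = parts
    payload = f"{affiliate_id}|{program}|{issued}"
    # Constant-time comparison; bytes so attacker-supplied non-ASCII cannot raise.
    if not hmac.compare_digest(mac.encode(), _sign(payload).encode()):
        return None
    current = int(time.time()) if now is None else now
    age = current - int(issued)  # issued is trusted here: the MAC covered it
    if age < 0 or age > MAX_AGE_SECONDS:
        return None
    return affiliate_id, program


if __name__ == "__main__":
    cookie = issue_tracking_cookie("aff42", "store-b")  # constructed sample values
    print(cookie, verify_tracking_cookie(cookie))
    print(verify_tracking_cookie(cookie.replace("aff42", "aff99", 1)))
```

The order page should still record the sale server-side against the verified affiliate ID; the signature only proves the value was issued by the server and not edited in the browser.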
