followup: i've confirmed its definitely a "work-around": disable domain cloaking, and the 'about:blank' goes away - permitting my P3P-compliance mechanism to function properly.

Result - NO BLOCKED COOKIES in IE6!

For the benefit of anyone else who suffers from cookie-blocking problems, here's how I fixed it:

1) created a folder off the XOOPS root called /w3c/

2) created a P3P policy file (policy1.xml) and a standard P3P referral file (p3p.xml) plus an HTML (human-readable) version of the P3P policy (p3p.html) and uploaded all of them to /w3c/ folder

(the files were created with free IBM P3P tool, (http://www.alphaworks.ibm.com/tech/p3peditor) and tested using the online P3P compliance verification tool at http://www.w3.org/P3P/validator.html )

3) edited Theme.html (in XOOPS theme folder) to add an HTML 'P3P policyref' header. (see posts above...)

More info about P3P can be found HERE: http://www.w3.org/P3P/details.html

(X)OOPS!!!

i'm learning as i go along here... i forgot that i had CLOAKING enabled on the redirects! I'm gonna turn that OFF, and i guess i will get the 'system' headers back again!

(I'd really prefer to have the domain cloaking WORKING, but i guess you cant have everything...)

In about 24 hours i should see if that has any helpful effect! the 'uncloaked" URL ( http://rockandroller.net/xoops/html/ ) does have the desireable HEADERS now... I just figured out that i had to switch "update themes on" temporarily in the system configuration (I edited the main theme HTML file where i found a lot of headers...)

is now showing up in the headers, and it seems to be doing the trick (preventing IE6 from blocking cookies!) when using the uncloaked URL

I'm kind of wondering about the "/" (escape character?) in front of that closing angle bracket, though - its present in all the standard XOOPS meta-tags on that page, so i thought i had better copy it...


anyway it SEEMS to be working

its just gettng wierder, and WIERDER!

it seems that "about:blank" is some kind of "browser artifact" thats generated somehow from the redirect that points the domain name at the XOOPS root folder.

If i surf 'directly' to the XOOPS folder (in this case, via http://rockandroller.net/xoops/html/) then there is NO cookie blocking at all, and its all "GREEN LIGHTS" with regards to the XOOPS site being 100% "P3P compliant".

But getting there via the forwarded domain name still sticks me with the unknown (and decidedly non-P3P-compliant!) "about:blank". EVERY other element in the page gets a green light!


So now im pretty STUCK, i think...

It seems I somehow need to get a P3P meta-tag into the "Headers" section of the 'main frame', which comes out DIFFERENT when i reach it via domain name forwarding!

...because right now its not giving me much:

(page source for "likkiwalker.ru")



Does anybody know where i can EDIT this? Thats not even showing the proper keywords and description tags - I have different ones entered through the administration interface (which sadly doesnt allow us to add our OWN meta-tags)

more wierdness...

as you can see by clicking on the LINK in the post above, the XML file is "apparently" served up just fine, from the folder off the XOOPS root.

BUT...

all is NOT as it appears, because - some other unexpected 'embedded content'
called "about:blank" is ALSO being served, up - thus spoiling the P3P verification (which is otherwise flawless)

See this screencap of a "PrivacyBird" report...

Thwarted, so far...

I am able to make my "server" 100% P3P-compliant (NO cookie-blocking!) by installing the appropriate files in a W3C folder off the root.

HOWEVER, for a very mysterious (to me, anyway!) reason, the same fix DOESNT work in my XOOPS root directory.

The XOOPS system is somehow automatically putting a "wrapper" around the P3P XML file, but the frame content is 'munged' and un-reachable due to the addition of an extra (unwanted!) slash character...

So instead of getting my nice P3P compliancy XML file, the XOOPS site somehow serves up a useless HTML file (sans the content)

(see details below...)

Does anybody know WHAT file i can edit to change (or preferably disable!) this wrapper? I'm very puzzled about the EXTRA slash - and how the rest of the site functions perfectly with it.

Does anybody know where i can get some DOCUMENTATION on the 'guts' of this system? I dont relish having to read through 500 files to sort this out...



BTW, I tried making an HTACCESS file in the XOOPS root directory to make a P3P HTTP header, but its not working either

+++++++++++++++++++++++++++++++++++++++++++++


Results of P3P validation
Target URI: http://likkiwalker.com/


--------------------------------------------------------------------------------

Step 1: /w3c/p3p.xml Validation

URI: http://likkiwalker.com/w3c/p3p.xml

Step 1-1: Access check

/w3c/p3p.xml can be retrieved.

Message: The content type of /w3c/p3p.xml is text/html.

Step 1-2: Syntax check

/w3c/p3p.xml is NOT an well-formed XML file

.

mismatched tag at line 9, column 2, byte 398:


=^



--------------------------------------------------------------------------------

Step 2: HTTP Protocol Validation ( HTTP headers )

HTTP headers have no P3P: header.


--------------------------------------------------------------------------------

Step 3: HTML File Validation

HTML document has no P3P compliant link tags.

Message: No valid P3P compliant element.


--------------------------------------------------------------------------------

Validator could not find valid policy reference file URI. Validation aborted.

'disable referrer check' did NOT fix the problem.

but now that i have finally gotten a fresh new computer with Xp installed, i have IDENTIFIED the problem.

Its simply that internet explorer 6 BLOCKS the site cookies by default!


on a fresh copy, I see right away that cookies are blocked.. somehow my two development machines had the site added to their TRUSTED SITES LIST ( 'allow all cookies') a long time ago.

The FIX is simply to make the site P3P-compliant so that newer browsers will accept cookies by default.


i'm working on that now.. will post results when i get some

THANKS!!!!

I just tried the "disable referrer check" hack, will see if it helps any...

thanks for the feedback!

If i understand the reports correctly, the error occurs on the page for entering the user data (not sure if its the first submit or the confirmation submit...) in either case you clearly "got past it" using XP & IE

Do you have XP firewall and/or popup blocker disabled, per chance?

Are you running 'WINDOWS defender' ??

By the way.. i havent been able to confirm this, but i strongly suspect that the error message is the equivalent of

"no valid security token found in session"


(which i have seen so much of lately on these forums)

We run 2.0.13.. and recently noticed similar problem!

'No valid security token found in session' is an error message when user tries to register. (on IE6 in XP)

but it works fine in WINDOWS 2000 (IE6 or firefox)

Could this be related to XP firewall?