I have a script that requires cookie use, however at IE6's default security level (medium) it refuses to except my cookie. I was wondering if there are work arounds for this. It lists the restrictions for medium as:

"- Blocks third-party cookies that do not have a compact privacy policy.
- Blocks third-party cookies that use personally identifiable information without your consent.
- Restricts first-party cookies that use personally identifiable information without implicit consent."

I was wondering how IE6 would determine any of this and how I could comply to it accordingly. My cookie stores 4 hex values separated by "|"s and is a part of a color scheme changer for a site.

I had a big long thing I found on this that I had posted in the old WA forumn. If anyone is able to pull that and put it in here that would be great. Anyways the work around that i found is how you actually have to set the cookie.

set cookie like this:
setcookie("cookiname",$cookievalue,"time()+3600");
instead of like this:
setcookie("cookiename",$cookievalue,time()+3600);

If that doesn't work you may have to use to ob_start() and ob_end_flush function. This would look like this:
ob_start();
setcookie("cookiename",$cookievalue,"time()+3600);
ob_end_flush();

I found a lot of information on the W3C site and on microsofts site that explains in detail what happens to the cookies in IE6 and the rules they have set up for it. If any moderator can find my old post (I know firepages like the post) in the old WA stuff and re-post it in here, it may be more helpful to you.

The easier (and better) way would be to create a valid p3p privacy policy, which IE6 looks for in order to decide what to do with a site that wants to do certain things...(like cookies).

http://www.w3.org/P3P/

Feyd: It's by no means easier, I store 4 hex codes that the user selects and I have to provide legal documentation. I don't know about you, but I'm an independant hobbyist who has no interest in paying for legal counsel.

It is easier and has nothing to do with legal counsel (or your hex codes, unless you have something else going on besides needing permission to use cookies).

You should read up on p3p, as I initially indicated, since if you are trying to run a business that uses certain things and you do not have a valid p3p privacy policy, you don't get to use your business with that user (unless they have tweaked their browser settings). More and more browsers are using p3p, and it pretty much will be the standard for privacy protection soon.

p3p lets you choose answers to common questions about your privacy practices, which in turn decide what cookies are allowed to be used by your site (among various other privacy items/practices).

You asked "I was wondering how IE6 would determine any of this and how I could comply to it accordingly." p3p is the answer, that is how IE6 determines it...as I initially indicated.

http://p3pedit.com/
http://www.w3.org/P3P/implementations
http://www.gigalaw.com/articles/2002-all/cranor-2002-04-all.html
http://www.p3ptoolbox.org/