Yesterday we had a question from a customer regarding the behaviour of one of our Servlets. In the end it seemed that it was losing the session information when they went back in the browser. I can understand why, as they actually cross domains in going back. (Don't ask why their store is spread over two domains.) When customers cross to the second domain they are not sending a cookie, so the servlet puts new session information in the URLs and the session is getting restarted.
From the support point of view it also seems that the problem is only related to IE 6. (In fact it is only related to non-cookie users.) In the end it turns out that by default IE 6 rejects cookies from sites that don't have XML P3P privacy information on their server. When I installed IE 6 I turned this feature off straight away so I never saw the problem. Turning IE 6 back to its default settings makes the session problem manifest itself.
Fair enough. There are a few ways around this. One is to ask everyone to set the non-default cookie setting. Since most of the users use the default settings we can't do this, as some people are not going to get it and this will cause problems for the store's support people. Secondly, we can submit and install the privacy information on the server. This is a good thing but a pain, as the store has to decide its privacy policy, which is going to take some time. Do we just say, "Sorry, you need to install P3P policies on your server", or do we do this work under our maintenance agreement? After all, since the problem occurs with our software it must be our fault. Also remember that this store is in Japan and the electronic privacy concerns may not be the same as in the US. People are aware of privacy issues but the solution may be different.
Microsoft, it was a nice idea to try to get everyone to install privacy information on their servers, but to force people to do it by breaking their applications is not on. Anyway, it's a pain. Thanks again, Microsoft.
Posted by stuartcw at May 23, 2003 11:20 AM