For many developers, the use of 1st and 3rd party cookies has been a useful, if not invaluable, method of passing variables from page to page and site to site. Remembering that the session object is handled like a cookie, many sites could be affected by any change to client-side handling.

Bring on P3P, the new security standard, put together by the W3C.

Arguably the most confusing, irrelevant development to client-side security, it seems developers who wish to share information through cookies and sessions now have to 'prove' they are not abusing the information, or risk being shown as 'suspect'.

When referring to information, I'm not talking about national insurance information or house address - just a simple user name and password stored in a cookie may cause issues.

So who does this affect, and how are they affected?
Simply, for now, just users of IE6 (and related products).
Only if a user has their privacy/security settings set to Medium/High or above.
The red eye symbol that appears in the status bar shows a blocked site.
Only if your site relies on 3rd party content - even if it's your own!

Why does this happen if the developer is not using sessions or cookies?
IIS5 has sessions enabled by default, so even though you may not be using them, P3P thinks you may!? Even if you're only calling an image from another server, it causes the P3P red icon to appear.

How did I discover this strangeness?
When developing a stats package that uses a remote 1x1 pixel on each website I'm tracking. The pixel script is stored on a home server and called when needed - or maybe not...

How did I solve this issue?
Develop/write a W3C Privacy Policy for your 3rd party content - these are free, don't get ripped off. XML isn't that hard - there are lots of free examples.
If you're a small SME or personal site, there's no need for lots of legal jargon, lawyers, etc. Just look around on the below sites; you need a policy directory and a policy. All will become clear when you start reading/researching.
Secondly, make sure you have a Compact Privacy Policy - these are different!
Place the Compact Privacy Policy into your ASP headers, either through ASP script or by configuring your server to automatically pop them in.
A compact privacy policy uses abbreviations to tell the P3P-compliant application what you intend to do; these are also available at the W3C.

Take a look at:
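
The compact policy abbreviations described above are easy to mistype, and a typo is not obvious from the header alone. The Python below is an added example, not code from the original post: it parses a P3P response header and flags tokens that are not in the P3P 1.0 compact-policy vocabulary. The sample header, its policyref path and its token choice are constructed for illustration.

```python
import re

# Compact-policy tokens from the W3C P3P 1.0 specification, grouped by element.
VOCAB = {
    "access": {"NOI", "ALL", "CAO", "IDC", "OTI", "NON"},
    "disputes": {"DSP"},
    "remedies": {"COR", "MON", "LAW"},
    "non-identifiable": {"NID"},
    "purpose": {"CUR", "ADM", "DEV", "TAI", "PSA", "PSD", "IVA", "IVD", "CON", "HIS", "TEL", "OTP"},
    "recipient": {"OUR", "DEL", "SAM", "UNR", "PUB", "OTR"},
    "retention": {"NOR", "STP", "LEG", "BUS", "IND"},
    "categories": {"PHY", "ONL", "UNI", "PUR", "FIN", "COM", "NAV", "INT", "DEM",
                   "CNT", "STA", "POL", "HEA", "PRE", "LOC", "GOV", "OTC"},
    "test": {"TST"},
}
# Only purposes (except CUR) and recipients (except OUR) may carry a consent
# suffix: a = always, i = opt-in, o = opt-out.
SUFFIX_OK = (VOCAB["purpose"] - {"CUR"}) | (VOCAB["recipient"] - {"OUR"})

def parse_p3p(header_value):
    """Split a P3P header value into policyref, grouped CP tokens and unknown tokens."""
    fields = {k.lower(): v for k, v in re.findall(r'(\w+)\s*=\s*"([^"]*)"', header_value)}
    result = {"policyref": fields.get("policyref"), "groups": {}, "unknown": []}
    for token in fields.get("cp", "").split():
        base, suffix = token, ""
        if len(token) == 4 and token[3] in "aio":
            base, suffix = token[:3], token[3]
        group = next((g for g, names in VOCAB.items() if base in names), None)
        if group is None or (suffix and base not in SUFFIX_OK):
            result["unknown"].append(token)
        else:
            result["groups"].setdefault(group, []).append(token)
    return result

def check_response_headers(headers):
    """Return a list of problems for one response's headers (dict of name -> value)."""
    value = next((v for k, v in headers.items() if k.lower() == "p3p"), None)
    if value is None:
        return ["no P3P header sent"]
    parsed = parse_p3p(value)
    problems = ["unknown token: " + t for t in parsed["unknown"]]
    if not parsed["groups"]:
        problems.append("CP field missing or empty")
    return problems

# Constructed sample: headers a tracking-pixel response might send ("OPTa" is a typo for "OTPa").
SAMPLE = {"Content-Type": "image/gif",
          "P3P": 'policyref="/w3c/p3p.xml", CP="NOI DSP COR NID ADMa OPTa OUR NOR"'}
print(check_response_headers(SAMPLE))  # ['unknown token: OPTa']
```

The checker only validates spelling against the vocabulary; whether the tokens match what your full XML policy actually says is still up to you.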