Ben M. wrote:
I found this with a quick Google search:
(worth going back to Page 1 and reading the whole article)

This is fascinating - does it really apply to session cookies?
If so, why aren’t all Rails (and most J2EE, and many other) sites
suffering from it?

Also, it looks like you can generate a policy here:
However, at the time of posting that site seems to be unavailable.

Here’s a page with more resources:

Microsoft’s explanation of IE6 settings is here:

and there’s a practical article here:
with associated human-readable privacy statement here:

Bruce - sorry I doubted your assumption that this was a technical thing.

Reduce this kind of risk in future by doing end-to-end testing of a
representative slice of your application, on the intended technology
(i.e., in this case, from Rails at the external host through to IE6 in
the end user environment), as early as possible in a project.

For now, agree with your customer that this is an aspect that needs
fixing, but also agree a work-around that allows testing of
functionality to continue - even if this means using a server on the

I suspect that the images aspect is something different, but I’m not

Sorry I don’t have much time to look into this (I was away from work ill
today, and have some catching up to do)… but I’ll google some more and
flag anything that looks useful.