[Web4lib] Session Cookie Problems when Patrons Use IRS Free File

Micah Stevens micah at raincross-tech.com
Thu Jan 25 17:13:22 EST 2007 

IE has in my opinion dealt with cookie security in a strange way. As 
many web applications require a session data set to give you the 
features you want in this day and age, cookies are very helpful, and 
should present little security risk other than you can be fairly easily 
tracked.

Allowing cookies I feel is not only fairly risk-free, but required on 
many sites. You should be able to go into advanced settings and enable 
the free use of cookies without modifying other parameters that may be 
changed when you set your security level to 'low'.

I recommend this to all of my clients and haven't had an issue so far.

-Micah

On 01/25/2007 02:02 PM, dschumann at trlib.org wrote:
> Several patrons have reported problems using the IRS Free File web site
> from our public Internet computers. They get an error message saying:
>
>
> Browser Configuration Change Required
>
> In order to use this application, your browser must be configured to
> accept session cookies. It appears that either session cookies have been
> disabled in your browser, or your browser does not support cookies at
> all. To use this application, please enable support for session cookies
> in your browser, hit the back button, and try again. 
>
>  
>
> Although we allow session cookies on our public computers, in IE we have
> set Privacy to Medium, which:
>
>  
>
> *	Blocks third-party cookies without a compact privacy policy.
> *	Blocks third-party cookies that use personally identifiable
> information without your explicit consent
> *	Restricts first-party cookies that use personally identifiable
> information without implicit consent.
>
>  
>
> When I changed the privacy setting to Low, which removes the restriction
> on first-party cookies, I was able to get past the session cookie error
> page. 
>
>  
>
> Have any other libraries encountered this issue? If so, are you
> considering lowering the privacy setting in IE? 
>
>  
>
> At this stage, we aren't looking at changing browsers. We are using IE 6
> and have locked it down using a combination of AD settings and
> WinSelect. 
>
>  
>
> Thanks for any collective wisdom that can be shared!
>
>  
>
> Donna
>
>  
>
> ********************************
>
> Donna Schumann
>
> Timberland Regional Library
>
> 415 Tumwater Blvd.
>
> Tumwater, WA 98506
>
> 360-704-4542
>
> dschumann at trlib.org
>
>  
>
> _______________________________________________
> Web4lib mailing list
> Web4lib at webjunction.org
> http://lists.webjunction.org/web4lib/
>

More information about the Web4lib mailing list