Privacy Templates (Windows CE 5.0)
A privacy template is a set of P3P policy restrictions that is used to determine whether a cookie should be accepted, rejected, downgraded, or leashed.
For more information about the P3P project, see the Platform for Privacy Preferences (P3P) Project specification at this officical W3C Web site.
The following code example shows the syntax for creating a privacy template.
privacy template:
signature rules
signature:
IE6-P3PV1/settings:
rules:
meta rule
P3P acronym rule
rules
Note All tokens, P3P acronyms, and string literals are in Unicode format.
Cookie Actions
Cookie actions determine how to handle cookies. The valid values are defined in the InternetCookieState enumeration.
Cookie action | Description |
---|---|
Accept |
Accept the cookie. The cookie is stored in the persistent cache and is sent on future requests to download content from the site that set the cookie. |
Prompt |
Prompt the user to decide whether to accept or reject the cookie. |
Block |
Reject the cookie. The cookie is not stored and therefore will not be sent to the site on future requests. |
P3P Acronym Rule
The following code example shows the P3P acronym rule
syntax.
P3P acronym rule:
P3P acronym =cookie action
/ P3P acronym pattern= cookie action/
The P3P acronym pattern
syntax is as follows.
P3P acronym pattern:
P3P acronym
!P3P acronym
P3P acronym& P3P acronym pattern
!P3P acronym& P3P acronym pattern
The following code example shows the P3P acronym
syntax.
P3P acronym:
purposes
recipients
retention
categories
non-identifiable
disputes section
access
dispute resolution
policy is test-version
For more information about P3P acronym, see the P3P project specification.
Meta Rule
The following code example shows the meta rule
syntax.
meta rule:
nopolicy=cookie action
###=cookie action
always=cookie action
%%%=cookie action
session=cookie action
Special rules are specified using the nopolicy
, session
, and always
symbols. The nopolicy
symbol is used to specify the action to be taken when there is no compact policy. For example nopolicy=d
specifies to downgrade all cookies without a compact policy to session cookies. The session
symbol is used to specify the action to take on session cookies and can only be set to a
. When session=a
is specified, all session cookies are accepted regardless of the content of the compact policy. If this rule is not specified, session cookies are subject to the same rules as persistent cookies. Finally, the always
symbol is used to specify that the same action be performed for everything. For example, always=d
specifies that all cookies be denied regardless of the existence of a compact policy.
Decision defines the action to take on a cookie for which the compact policy contains a specified token. It is a single lowercase character — a, p, l, d, or r
— that corresponds to a cookie action. The following table shows the possible decision values with a description of the purpose of each.
Decision | Description |
---|---|
a |
Accept the cookie. The cookie is stored in the persistent cache and is sent on future requests to download content from the site that set the cookie. |
p |
Prompt the user for a decision on whether to accept or reject the cookie. |
l |
Leash the cookie. The cookie is accepted but it is sent only on requests to download first-party content. When requests are made for third-party content, the cookie is not sent. |
d |
Downgrade the cookie. Accepts the cookie but it is not stored persistently. This means that the cookie is deleted when the browsing session ends or the cookie expires, whichever comes first. |
r |
Reject the cookie. The cookie is not stored and therefore will not be sent to the site on future requests. |
The following list describes how cookies are handled in a given scenario.
If the privacy template contains the meta rule
always=cookie action
or%%%=cookie action
, then the decision is the same as the cookie action.If P3P header is missing or contains an invalid compact policy, then the decision is the same as the cookie action for templates that contain the meta rule
nopolicy=cookie action
or###=cookie action
. Otherwise, by default, the decision isr
.If the compact policy matches the
P3P acronym rule
, then the decision is the same as the cookie action for that rule. If the policy matches more than one rule, then the decision is the cookie action with the highest precedence. If the compact policy does not match theP3P acronym rule
, then the decision isa
.Note The compact policy matches the
P3P acronym rule
if it contains all
P3P acronyms
specified by the rule and does not contain acronyms prefixed with
!
(NOT token).
The precedence order of decision is
a, p, l, d, and r
, wherea
has the lowest precedence andr
has the highest precedence.If privacy template contains the
session=a
meta rule, then session cookies are always accepted the P3P policy and are not evaluated. Otherwise, session cookies are treated in the same manner as persistent cookies.
Custom and Advanced Templates
The user can apply advanced privacy settings by selecting options from the Advanced Privacy Settings dialog box in the Internet Options dialog box. These settings are stored in the registry. The privacy values in the registry can be configured so that the advanced templates can be distinguished from the custom templates. Custom templates can be stored by applications by using the Privacy Functions.
For more information about the registry key value to set, see Privacy Settings in WinInet Registry Settings.
See Also
Platform for Privacy Preferences (P3P) | Specifying Privacy Settings | WinInet Application Development
Send Feedback on this topic to the authors