OK, a puzzler for you webmaster types (spoiler below).
The site uses HTML hosted on a virtual domain at earthlink and database data coming from phpwebhosting.com, all married together in a frameset. Login authentication is handled via PHP sessions.
So why weren’t any logins working from IE6? Give up? This one took quite a while to figure out.
[ … spoiler … ]
First of all, PHP sessions are really just a simplified wrapper for a specialized form of cookie. So start with the realization that cookies aren’t getting planted even though cookies are enabled in the browser.
IE6 has a cookie tolerance slider that defaults to Medium. On the Medium setting,
And finally, I find the deployment answer in a PHP forum. This affects me because the site is pulling HTML and PHP/data from two different sources:
“MSIE 6 has an inaccurate definition of third party cookies. If your domain is hosted on one server and your PHP stuff is on another, the IE6 P3P implementation considers any cookies sent from the second machine “third party”. Third party cookies will be blocked automatically in most privacy settings if not accompanied by what MS considers “an appropriate Compact Policy”. In order to make this new piece of tweakable garbage happy I’d suggest you’d par exemple send
header(‘P3P: CP=”NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM”‘);
before sending your cookie from your second machine. This header enables your cookie to survive any privacy setting.
So in the end I went to privacycouncil.com, filled in the wizard, which generated a CPC similar to the one above, and started sending it in the header of auth.php.