------------------------------------
Cookie Settings for IE6 Custom Zones
------------------------------------

--------
Contents
--------

  * Overview
  * Using Custom Zone .REG Files
  * Menu of Custom Zone .REG Files
  * Always Allow Session Cookies
  * How These .REG Files Were Created
  * More Info

~~~~~~~~
Overview
~~~~~~~~

This package contains two sets of .REG files for use with custom-made
Security zones in Internet Explorer 6.0. These .REG files can be used
to configure IE6's handling of cookies in custom Security zones
created by the user, giving users much more control over the rules
IE6 employs to block or accept cookies.

Please note that these .REG files will affect cookie handling only in
zone 5, the first custom zone past the standard four zones that IE6
uses by default.

All of these .REG files are editable with a simple text editor like
Notepad.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Using Custom Zone .REG Files
~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Before using any of these .REG files, please make sure that your new
custom zone is created and set up in all other respects.

To use ("merge") any of these .REG files into the Registry:

  1) close IE6 (if it's currently open)

  2) double-click on the appropriate .REG file. You should get the
     message:

       "Information in default.reg has been successfully entered
        into the Registry."

  3) Re-open IE6 and surf away!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Menu of Custom Zone .REG Files
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

These two sets of files are distinguished from one another by their
handling of session cookies in first-party contexts. See the "Always
Allow Session Cookies" section below for a more detailed explanation
of the differences between these two sets of files.

Note: As settings for third-party cookies are always "reject" for
      this custom zone, third-party cookie settings are not included
      in either of the tables below.

*****************************************
* Set # 1 (restrictive session cookies) *
*****************************************

Note: alwaysAllowSession="no" in both first-party and third-party
      contexts. This option forces ALL session cookies to be
      evaluated in the same way as persistent cookies.

  :-----  --------------------:
  | .REG   ** Custom zone **  |
  | File  1-noPolicy 1-noRule |
  :-----  ---------- -------- :
    1      reject     reject
    2a     reject     Session
    2b     Session    Session
    2c     reject     First
    2d     Session    First
    2e     First      First
    2f     reject     accept
    2g     Session    accept
    2h     First      accept
    2i     accept     accept

**************************************
* Set # 2: (liberal session cookies) *
**************************************

Note: alwaysAllowSession="yes" in first-party contexts only. This
      option unconditionally permits session cookies in first-party
      contexts. Third-party session cookies are still evaluated in
      the same way as persistent cookies.

  :-----  --------------------:
  | .REG   ** Custom zone **  |
  | File  1-noPolicy 1-noRule |
  :-----  ---------- -------- :
    1-s    reject     reject
    2a-s   reject     Session
    2b-s   Session    Session
    2c-s   reject     First
    2d-s   Session    First
    2e-s   First      First
    2f-s   reject     accept
    2g-s   Session    accept
    2h-s   First      accept
    2i-s   accept     accept

****
Key:
****

  Term        Description
  ----        -----------
  1-noPolicy  first-party cookies with no Compact Policy
  1-noRule    first-party cookies with acceptable Compact Policies
              (i.e., for which no custom rule expressions are
              evaluated "true")
  accept      accept cookies
  prompt      prompt the user
  First       forceFirstParty - Leash cookies so that they are only
              sent in a first-party context.
  Session     forceSession - Convert persistent cookies (cookies that
              have an expiration time independent of when browser
              session cookie ends) to session cookies (cookies that
              expire when browser session cookie ends).
  reject      reject (block) cookies

~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Always Allow Session Cookies
~~~~~~~~~~~~~~~~~~~~~~~~~~~~

These .REG files are divided into two basic types:

  Restrictive Session Cookies:
      Every file of this type configures IE6 to evaluate session
      cookies in the same way as persistent cookies within custom
      zone 5 in both first-party and third-party contexts.

  Liberal Session Cookies:
      Every file of this type configures IE6 to accept session
      cookies within first-party contexts (in custom zone 5)
      unconditionally. Third-party session cookies will still be
      evaluated in the same way as persistent cookies.

Obviously, the options offered here for session cookies are fairly
monolithic in that they never free third-party session cookies from
the standards of acceptance which govern persistent cookies. Users
who desire third-party session cookies to be accepted "liberally"
should look into using a custom XML Import file to create the proper
settings in a standard zone (Internet or Trusted) and then creating
the appropriate .REG file themselves. See the "How These .REG Files
Were Created" section below for more info.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
How These .REG Files Were Created
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

These .REG files were created by using custom XML Import files which
modified the Privacy settings for the Trusted zone. Here's the
process in a nutshell:

  1) Load the XML file that has the settings for the Trusted zone
     which correspond to the settings desired for custom zone.

  2) Use REGEDIT to export the Trusted zone Registry settings
     from...

       HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2

     ...to a .REG file.

  3) Edit the resulting .REG file in Notepad to change the zone
     number to match the number of the first zone after the four
     default IE6 zones: 5. To do so, change...

       [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2]

     ...to look like...

       [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\5]

     Also, edit out any values other than...

       "{AEBA21FA-782A-4A90-978D-B72164C80120}"=hex:[data]
       "{A8A88C49-5EB2-4990-A1A2-0876022C854F}"=hex:[data]
       "1A10"=dword:[data]

     ...where [data] is a number value set by IE6.

If you try this method yourself to create your own .REG files, don't
forget to re-import the XML file that you actually want to use for
your Internet and Trusted zones in IE6.

~~~~~~~~~
More Info
~~~~~~~~~

For links to more info on Internet Explorer 6.0 and P3P, see:

  http://www.spywarewarrior.com/uiuc/info2.htm

For more information on custom XML Import files for IE6, see these
documents from Microsoft:

  Privacy in Internet Explorer 6:
  http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnpriv/html/ie6privacyfeature.asp

  How to Create a Customized Privacy Import File:
  http://msdn.microsoft.com/library/default.asp?url=/workshop/security/privacy/overview/privacyimportxml.asp

  XML Elements for Custom Privacy Policies:
  http://msdn.microsoft.com/library/default.asp?url=/workshop/security/privacy/CustomImportXML/customimportxml.asp

-------------------------------------------------
Date:     9/23/01, 3/26/02
Revised:  --
From:     http://www.spywarewarrior.com/uiuc/
Made By:  Eric L. Howes (eburger68@myrealbox.com)
-------------------------------------------------

Copyright (c) 2000-2002 Eric L. Howes

This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2, or (at your option)
any later version.

This program is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.

Some files distributed with this package may not be covered by the GNU GPL.
Those files remain the property of their original owners and are
covered by the licenses under which they were originally distributed.
All trademarks are the property of their respective owners.

You should have received a copy of the GNU General Public License
along with this program; see the file COPYING. If not, write to the
Free Software Foundation, 59 Temple Place - Suite 330, Boston, MA
02111-1307, USA.
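
The Notepad edit described in step 3 of "How These .REG Files Were Created", done by script. This is an added example, not part of the original package: the function name, the REGEDIT4 signature line and the sample data bytes are assumptions constructed for illustration.

```python
import re
# The three value names the page says to keep; all other values are dropped.
KEEP = {
    "{AEBA21FA-782A-4A90-978D-B72164C80120}",
    "{A8A88C49-5EB2-4990-A1A2-0876022C854F}",
    "1A10",
}
ZONES = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones"

def retarget_zone_export(reg_text, src_zone=2, dst_zone=5):
    """Turn a REGEDIT export of Zones\\<src_zone> into a Zones\\<dst_zone> file."""
    lines = reg_text.replace("\r\n", "\n").split("\n")
    src_key = "[%s\\%d]" % (ZONES, src_zone)
    out = [lines[0], ""]            # keep the REGEDIT signature line as exported
    in_key = keeping = found = False
    for line in lines[1:]:
        if line.startswith("["):    # key header: only the source zone is kept
            in_key = line.strip().lower() == src_key.lower()
            keeping = False
            if in_key:
                found = True
                out.append("[%s\\%d]" % (ZONES, dst_zone))
            continue
        if not in_key or not line.strip():
            continue
        name = re.match(r'"((?:[^"\\]|\\.)*)"=', line)
        if name:                    # a new named value starts here
            keeping = name.group(1).upper() in KEEP
        elif line.startswith("@"):  # the key's default value is never kept
            keeping = False
        if keeping:                 # wrapped hex continuation lines inherit the flag
            out.append(line)
    if not found:
        raise ValueError("no Zones\\%d key in this export" % src_zone)
    return "\n".join(out) + "\n"

# Constructed sample export: the data bytes are made up, not real IE6 settings.
SAMPLE = "\n".join([
    "REGEDIT4",
    "",
    "[%s\\2]" % ZONES,
    '"DisplayName"="Trusted sites"',
    '"{AEBA21FA-782A-4A90-978D-B72164C80120}"=hex:1a,00,00,00,01,00,\\',
    "  02,00,03,00",
    '"{A8A88C49-5EB2-4990-A1A2-0876022C854F}"=hex:1a,00,00,00',
    '"1A10"=dword:00000001',
    '"1001"=dword:00000000',
])
```

Exports that begin with "Windows Registry Editor Version 5.00" are UTF-16 files, so read and write them with that encoding before and after calling the function.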