[svlug] MSIE and ad blocking (was Re: (forw) Re: The February Lecture --- Changes in Firefox Offerings)

Andrew Wilcox andrew.r.wilcox at gmail.com
Wed Feb 23 16:54:29 PST 2011

On 23/02/2011 19:10, "Don Marti" <dmarti at zgp.org> wrote:

>What I'd like to do at the BoF is help web developers
>get out ahead of where privacy-aware users are going
>to be in the near future, as well as help people who
>are implementing privacy measures avoid blocking
>stuff like widely-used captcha sites and legit
>embedded videos.

This brings up an interesting issue I had while writing an eCommerce site
using Python and Django in November of 2010.  Towards the end of December
(likely due to Christmas), I received an email that said people using iPad
were unable to check out.  Since I didn't have an iPad, I had to go to the
Apple Store and use one of the display models, and indeed there was an
issue; after doing some "live debugging" (I have an iPod touch with iSSH)
I found that the cookie that contained the shopping cart wasn't showing
up.  This was bizarre and happened on no other UA out there.

It turns out the iPad differentiates between HTTP and HTTPS for cookies;
if you set a cookie on http://mysite and then redirect to https://mysite
for checkout, it won't retain the cookies.

While I was trying to dream up a fix I got a report that the same thing
happens in IE9. I ended up just telling the Web site owner to
force-redirect http: traffic to https:.  Seems to be working well for her.

Just felt this was an interesting example of having to write Web code in
the "New World" of privacy and browsers that are restrictive to the point
of excess.


More information about the svlug mailing list