1. Internet Explorer 6 has a default cookies setting that does not allow moodle to run.
2. Therefore, you either tell your users to explicitly enable cookies for your site, lower their general security threshold in IE or you are using a P3P privacy policy definition on the server side. I much prefer the last option that is also used by www.microsoft.com to tackle the issue. It is the only known workaround without changes by the user.
3. Rather than defining your own P3P privacy policy (which is quite complicated), you can hook onto one of the general predefined policies. The following source gives you the background: http://www.duxcw.com/faq/webmastr/privhttp.htm
4. Implementing this with Apache, you will have to extend your header. Now, first look at the header your moodle server is delivering (you can use http://www.delorie.com/web/headers.html to do this); with http://moodle.org you will get:
HTTP/1.1 200 OK
Date: Fri, 21 Jan 2005 20:15:27 GMT
Server: Apache
X-Powered-By: PHP/4.3.9
X-Accelerated-By: PHPA/1.3.3r2
Set-Cookie: MoodleSession=73b873dedd272a28ff7b3d32f3a7db41; path=/
Expires:
Cache-Control: private, pre-check=0, post-check=0, max-age=0
Pragma: no-cache
Accept-Ranges: none
Connection: close
Content-Type: text/html; charset=iso-8859-1
HTTP/1.1 200 OK
Cache-Control: public
Content-Length: 15599
Content-Type: text/html
Expires: Fri, 21 Jan 2005 21:21:41 GMT
Last-Modified: Fri, 21 Jan 2005 18:35:01 GMT
Server: Microsoft-IIS/6.0
X-AspNet-Version: 1.1.4322
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
X-Powered-By: ASP.NET
Date: Fri, 21 Jan 2005 20:17:12 GMT
Connection: close
P3P: CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
5. With Apache this is a straightforward three-step-process:
--> Editing the ...Apache2/conf/httpd.conf on your moodle server, your change the line
#LoadModule headers_module modules/mod_headers.so
to
LoadModule headers_module modules/mod_headers.so
This uncommenting enables header extensions.
--> In the same file, you insert the following three lines (use your specific moodle root directory instead of my C:/Moodle):
<Directory "C:/Moodle">--> Save the httpd.conf and restart the Apache server.
header append P3P: 'CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"'
</Directory>
6. Testing should start by looking at your header only (again: you can use http://www.delorie.com/web/headers.html with your moodle servers address). It should be different from before, i.e. have the P3P-Definition line added.
7. Getting errors? Look at your server's error log (...Apache2/logs/error.log):
With something like "header statement unknown" you most likely forgot to uncomment the LoadModules-line.
With something like "header not allowed at this..." you might have the wrong directory in your statement.
With something like ".htaccess" you probably have an access definition file in the directory. Rather than using <Directory...></Directory> in your httpd.conf you can then add the header-line directly to that .htaccess file
8. No access to your httpd.conf file since your are not the administrator of the server?
You can put the P3P-line in a .htaccess file and place it in the moodle directory.
Good luck,
Klaus
