I have been encountered the problem of using cookies on IE for a while.
The problem surfaces because a facebook app is run in an iFrame. Therefore, IE considers it as a third-party cookie.
In IE, one can choose a privacy option to be high. This means that, without a privacy policy, IE won't allow you to use cookies.
* Privacy Policy is W3C standard, which only IE takes it seriously.
We have found the way to make cookies work even users set the privacy to be the second-highest option. (Even hotmail does not work.)
We have to use these compact polciies: NOI COR PSA OUR IND OTC
Here are their meanings:
NOI = Web Site does not collected identified data.
COR = Errors or wrongful actions arising in connection with the privacy policy will be remedied by the service.
PSA = Information may be used to create or build a record of a particular individual or computer that is tied to a pseudonymous identifier, without tying identified data
OUR = Ourselves and/or entities acting as our agents or entities for whom we are acting as an agent. (I don't know what this means)
IND = Information is retained for an indeterminate period of time. The absence of a retention policy would be reflected under this option. Where the recipient is a public fora, this is the appropriate retention policy. (This is to use never-expired cookies)
OTC = Other types of data not captured by the above definitions. (This says that we won't contact user in real world or online world (which is a lie because we contact users by their emails)
Basically, these compact policies say that we don't identify users, which is a lie because we have users' facebook id.
But, hey, it works ...
