Cross-domain cookie access (read and set)

Source: Internet
Author: User

Passport means, on the one hand, that one account can log on to different services, and on the other hand, that after logging on to one service you can roam freely to the others. Frankly speaking, Sohu Passport is currently very poor on this second point (doing it well would be a great job, though, hehe). Sohu's SSO requirements are quite troublesome because it has many domain names: sohu.com, chinaren.com, sogou.com, focus.cn, 17173.com and go2map.com, and the main obstacle to user roaming comes from this. In the past, when the e-mail system was integrated with other systems, it provided a URL: clicking that link from the third-party system generated the cookie required to access the mail interface and then entered the mail. This method does work, but it has problems:
1. Every external link has to go through a special redirect URL, which is hard to maintain.
2. Integrating two systems is already troublesome enough; with several integrated systems that all have to jump to each other, the lack of a central mechanism becomes a nightmare.
3. Users cannot reach the service directly by typing its address into the address bar.

Even though it is cross-domain, the solution to the above is relatively easy:
A. First, every login must pass through a central server for authentication, which then plants a cookie in the browser (hereinafter referred to as the sso cookie).
B. When the user visits an app on another domain name, the browser will not send the sso cookie to that server, so the app cannot authenticate the user directly. Instead, javascript dynamically creates a hidden iframe whose request goes to the sso server.
C. The iframe request carries the sso cookie to the sso server. After the sso server verifies the cookie, it returns a redirect to a URL of the app, and that app page sets the app cookie.
D. The page displayed in the browser can interact with the redirected content: for example, js can detect that the redirected page has loaded successfully and then refresh the whole page, so that it looks no different from a user who accessed the service after logging in.

Now the real tip: how do you set a cookie across domains in IE?
Does the technique above look good? Its premise, however, is that every login is POSTed to the sso server, which returns the app page after authentication succeeds. One requirement I can accept is to support logging in without refreshing the page. Ha! That is to say, the form action that originally submitted the login form on chinaren.com would have to be the sso server, passport.sohu.com. But in the AJAX tide chinaren plans to submit with XMLHttpRequest, which is troublesome because it cannot submit across domains. The solution is to generate a cookie across domains: once js learns that the password has been verified successfully, it generates a valid cookie on passport.sohu.com. From the cross-domain cookie reading scheme above this seems easy to derive: create a hidden iframe whose URL on passport.sohu.com generates the cookie. Unfortunately, this method works well in Fx but cannot be applied in IE (the cookie privacy warning appears in the IE status bar with a red background). I tried many methods, including creating and setting nodes and using js, but Internet Explorer blocked it every time. Google had no real answers: either the methods described on the Chinese webpages were wrong or there was no solution. Finally, with the help of a chinaren buddy, I found the method they use to interact with alumni.sohu.com (I don't know who discovered it): you only need to set the P3P HTTP header on the response of the hidden iframe, and then you can set the cookie across domains. The content they used is:

P3P: CP="CURa ADMa DEVa PSAo PSDo our bus uni pur int dem sta pre com nav otc noi dsp cor"
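As an added example (not code from the original post or from Sohu), the response the hidden-iframe endpoint on passport.sohu.com would send so that IE accepts the cookie, plus the browser-side function that opens the iframe after the AJAX login has succeeded. The endpoint, the cookie name ssoid, the cookie domain and the session lookup are assumptions; the compact policy string is the one quoted above, with its tokens written in upper case as P3P compact tokens conventionally are. Two caveats a practitioner needs: only IE ever honoured P3P (other browsers ignore the header and later IE and Edge versions dropped it), and current browsers instead require SameSite=None together with Secure before they will store a cookie set in a cross-site context, so the endpoint has to be served over https.

```javascript
// Added example, not from the original post. Response of the hidden-iframe cookie
// endpoint; endpoint name, cookie name/domain and session handling are assumptions.

// Compact policy quoted in the post (tokens uppercased). IE6-IE10 accept a cookie set
// from inside a third-party iframe only when the response carries a P3P compact policy
// that IE rates as satisfactory; every other browser ignores this header.
const P3P_HEADER = 'CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"';

// Set-Cookie value for a cookie written in a cross-site context. SameSite=None; Secure
// is what current browsers require for that (they silently drop the cookie otherwise).
function crossSiteSetCookie(name, value, domain, maxAgeSec) {
  if (!/^[\w-]+$/.test(name)) throw new Error('bad cookie name');
  return [
    `${name}=${encodeURIComponent(value)}`,
    `Domain=${domain}`,
    'Path=/',
    `Max-Age=${maxAgeSec}`,
    'HttpOnly',
    'Secure',
    'SameSite=None',
  ].join('; ');
}

// Response for the iframe request made after the login POST was verified.
// `sessionId` must come from the server's own verification of the password, never
// straight from the query string: an endpoint that writes whatever value the URL
// carries would let anyone plant a cookie of their choosing in a victim's browser.
function iframeCookieResponse(sessionId) {
  return {
    statusCode: 200,
    headers: {
      'P3P': P3P_HEADER,
      'Set-Cookie': crossSiteSetCookie('ssoid', sessionId, '.sohu.com', 3600),
      'Content-Type': 'text/html; charset=utf-8',
      'Cache-Control': 'no-store',
    },
    body: '<!doctype html><title>ok</title>',
  };
}

// Node http handler (not started here): look the session up server-side, then reply.
function handleIframeRequest(req, res, sessionId) {
  const { statusCode, headers, body } = iframeCookieResponse(sessionId);
  res.writeHead(statusCode, headers);
  res.end(body);
}

// Browser side: once the XMLHttpRequest login reports success, load the hidden iframe
// so the cookie gets set on passport.sohu.com. Guarded so this file also loads in Node.
function openCookieIframe(url) {
  if (typeof document === 'undefined') return null;
  const f = document.createElement('iframe');
  f.width = 0;
  f.height = 0;
  f.style.display = 'none';
  f.src = url;
  document.body.appendChild(f);
  return f;
}

module.exports = { P3P_HEADER, crossSiteSetCookie, iframeCookieResponse, handleIframeRequest, openCookieIframe };
```

Keeping the P3P header and the SameSite/Secure attributes together covers both the IE generations the post is about and today's browsers; neither one alone is enough across the board.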

Finally, I made a small demonstration: how a cookie is exchanged between vmx.cn and dup2.net.

1. http://qiuyingbo.test.vmx.cn/cookie.php

2. Click "reset cookie" and you will see that the vmx.cn cookie has been set.

3. Follow the link on that page to http://www.dup2.net/vmx/cookie.html.

4. Click "get cross-domain cookie". (Here js creates an iframe that requests qiuyingbo.test.vmx.cn; the returned page redirects the cookie value back to another URL on dup2.net as a GET parameter.)

5. Click "display cross-domain cookie"; now we can see the vmx.cn cookie.

6. Enter another value in the input box on the page and click "set cross-domain cookie". This action automatically sets the vmx.cn cookie.

7. Click the link back to http://qiuyingbo.test.vmx.cn/cookie.php to see the new value.

For reference, a hidden iframe of this kind as used on tianya.cn:

<iframe width="0" height="0" id="refleshcookieby1home" src="http://www.tianya.cn/cookie/refleshonlineby1home.asp?idwriter=<%=idWriter%>&key=<%=key%>&strwriter=<%=strWriter%>"></iframe>

