Iframe cross-origin and session failure

What is cross-origin session/cookie?

 

That is, third-party session/cookie. The first session/cookie indicates the seesion/cookie set by the visitor's current website for the visitor's browser, which will be stored on the visitor's computer. Third-party session/cookie indicates that the website currently accessed will load (embed) other third-party website code, such as promotional advertisements, the third-party website will also add session/cookie on the visitor's computer, which is a third-party session/cookie.

 

My questions

When developing messaging online products (http://iap.pgia.net) to test compatibility with various browsers, IE browser (v7 \ 8) was found unable to log on (always prompt verification code Mismatch Error ), other browsers do not have this problem (firefox, Baidu, etc ). Therefore, we can conclude that this is not related to the browser.

 

Preliminary analysis:

The server log shows that the sessionId is constantly changing during access using IE (v7 \ 8). A new sessionId is generated for each request.

Obviously, this is the only cause of Logon failure. If you solve this problem, you can log on normally.

 

In-depth analysis:

Why does this happen in IE browser (v7 \ 8)? After Baidu understands it, he learned:

IEIframeCookieIE6/IE7P3P (Platform for Privacy Preferences Project (P3P) specification) cookieFirefoxChrome

Session CookiesessionIdcookieCookieCookie

My application structure is exactly like this, that is, an iframe embedded in a remote application is implemented.

 

P3P

Add the following code to the Framework page:

<%    response.setHeader(,%>  

So far, the problem has been solved