In ie, the IFRAME cross-origin session loss problem p3p

When integrating the client's login, or when another website uses IFRAME, especially an HTTP page, when accessing an HTTPS page, the session is often invalid!
 
1. Due to IE security restrictions, it is okay to add the domain of the parent to the trusted site!
2. When the "parent" page is HTTPS and accessed through IFRAME.

<iframe name="loginFrame" id="loginFrame" frameborder=NO scrolling=NO src="" class="iframeBody" ></iframe>

 
"Insecure information" is reported"
 
The solution is: src = "/". OK!
 
3. What should I do when the customer sets 1 and is not running? I also found some online materials!
 
The p3p (Platform for privacy preferences Project (p3p) Specification) protocols supported by IE6 and IE7 prevent third parties from using cookies without privacy security claims by default. Firefox does not currently support p3p security features, this problem does not occur in Firefox.
 
In frameset, the frame is from a third-party site (with different IP addresses or domain names). By default, ie will automatically disable cookies for these sites, that is, when requesting a URL, do not send their cookies in the HTTP header, including the session cookies. Note that the cookies set by these sites in response will still be sent to the browser.
 
Browse. in PHP, a.com writes the first cookie, and its embedded IFRAME points to B. PHP. at this time, B .com writes a third-party cookie, so it is taken out of the door by IE. Therefore, each time a user submits a cookie, it fails because the server cannot be uploaded.

Solution.
 
PHP Program
 
Can be written directly to website B

<?phpheader('P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"')?>

 

In this way, you can accept third-party cookies.
 
Lighttpd Server
 

server.modules    = ("mod_setenv") setenv.add-response-header = ( "P3P" => "CP='CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'") 

 

Apache server
 

<VirtualHost> Header set P3P 'CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"' </VirtualHost>

 
IIS server
Add a website http header to solve the problem;
Management tool --> select a website --> properties --> HTTP header, add an HTTP Header
Enter the header name: p3p
Input header content: Cp = CaO PSA our
 
JSP page:
 

<% response.setHeader("P3P","CP=CAO PSA OUR"); %>

 
The simplest method of Java code is to add a filte:
 

Public class transnamefilter extends httpservlet implements filter {Private Static Org. apache. commons. logging. log logwriter = logfactory. getlog (transnamefilter. class. getname ();/*****/Public transnamefilter () {super ();}/* (not javadoc) * @ see javax. servlet. filter # Init (javax. servlet. filterconfig) */Public void Init (filterconfig arg0) throws servletexception {}/* (non-javadoc) * @ see javax. servlet. fi LTER # dofilter (javax. servlet. servletrequest, javax. servlet. servletresponse, javax. servlet. filterchain) */Public void dofilter (servletrequest request, servletresponse response, filterchain chain) throws ioexception, servletexception {httpservletrequest hreq = (httpservletrequest) request; string transname = hreq. getparameter ("transname"); If (util. isnullorempty (transname) {logwriter. fatal ("there Is no transname for this request ");} else {logwriter.info (" transname is "+ transname);} httpservletresponse res = (httpservletresponse) response; // internal cookie loss res caused by IFRAME. setheader ("p3p", "cp = CaO PSA our"); If (chain! = NULL) chain. dofilter (request, response);}/* (non-javadoc) * @ see javax. servlet. filter # destroy () */Public void destroy (){}}