Cookie and session Cross-Origin login code (ie6, ie7, firefox)

In frameset, the frame is from a third-party site (different ip addresses or different domain names). By default, ie will automatically disable cookies for these sites, that is, when requesting a url, do not send their cookies in the http header, including the session cookies. Note that the cookies set by these sites in response will still be sent to the browser.

But like ie 6.0 and ie 7.0 have their own standards. to support p3p, the default privacy level of ie 6 is set to "medium" -- "block third-party cookies without contractual privacy policies ". A. in the php Tutorial, a.com writes the first cookie, and its embedded iframe points to B. php. at this time, B .com writes a third-party cookie, so it is taken out of the door by ie.

Therefore, each time a user submits a cookie, it fails because the server cannot be uploaded.

Okay. Let's talk about the solution.

Php program

Can be written directly to website B
<? Php
Header ('p3p: cp = "cura adma deva pstutorial ao psdo our bus uni pur int dem sta pre com nav otc noi dsp cor "')
?>
In this way, you can accept third-party cookies.

Lighttpd server

Server. modules = ("mod_setenv ")

Setenv. add-response-header = ("p3p" => "cp = 'cura adma deva psao psdo our bus uni pur int dem sta pre com nav otc noi dsp core '")

Apache server

<Virtualhost>

Header set p3p 'CP = "cura adma deva psao psdo our bus uni pur int dem sta pre com nav otc noi dsp cor "'

</Virtualhost>

Iis server
Add a website http header to solve the problem;
Management tool --> select a website --> properties --> http header, add an http header
Enter the header name: p3p
Input header content: cp = cao psa our

If you want to log on, configure the following settings:

Setcookie ('auth _ member_string ', 0, time () + 3600,'/', $ cfg ['domain']);
Setcookie ('auth _ member_name ', 0, time () + 3600,'/', $ cfg ['domain']);
Setcookie ('auth _ member_realname ', 0, time () + 3600,'/', $ cfg ['domain']);

Logout

Setcookie ('auth _ member_string ', 0, time ()-1,'/', $ cfg ['domain']);
Setcookie ('auth _ member_name ', 0, time ()-1,'/', $ cfg ['domain']);
Setcookie ('auth _ member_realname ', 0, time ()-1,'/', $ cfg ['domain']);

Here is a test instance.

I only write a rough one. For the convenience of testing, edit the hosts file and add the test domain name (c: windowssystem32driversetchosts)

127.0.0.1 www.a.com
127.0.0.1 www. B .com

First, create the_setcookie.php file with the following content:

<? Php
// Header ('p3p: cp = "cura adma deva psao psdo our bus uni pur int dem sta pre com nav otc noi dsp cor "');

Setcookie ("test", $ _ get ['id'], time () + 3600, "/", ".a.com ");
?>

Then, create the_getcookie.php file with the following content:

<? Php
Var_dump ($ _ cookie );
?>

Finally, create the B _setcookie.php file with the following content:

<Script src = "http://www.a.com/a_setcookie.php? Id = www. B .com "> </script>

----------------------------

After the three files are created, you can access them through the browser in sequence:

Http://www. B .com/ B _setcookie.php
Http://www.a.com/a_getcookie.php

We will find that when accessing the B .com domain, we did not set the cookie value in the.com domain.

Then, modify the_setcookie.php file and remove the annotator. a_setcookie.php is:

<? Php
Header ('p3p: cp = "cura adma deva psao psdo our bus uni pur int dem sta pre com nav otc noi dsp cor "');

Setcookie ("test", $ _ get ['id'], time () + 3600, "/", ".a.com ");
?>

Access the service in sequence through the browser again:

Http://www. B .com/ B _setcookie.php
Http://www.a.com/a_getcookie.php

This time, you will find that when accessing the B .com domain, we set the cookie value for the.com domain.

Finally, it seems that only ie has strict restrictions on cross-origin access cookies. The above code is tested in firefox and can be successful even if no p3p header information is sent.