Cookie and session Cross-Origin login code (ie6, ie7, firefox)

Source: Internet
Author: User
Tags auth php tutorial setcookie

In frameset, the frame is from a third-party site (different ip addresses or different domain names). By default, ie will automatically disable cookies for these sites, that is, when requesting a url, do not send their cookies in the http header, including the session cookies. Note that the cookies set by these sites in response will still be sent to the browser.

But like ie 6.0 and ie 7.0 have their own standards. to support p3p, the default privacy level of ie 6 is set to "medium" -- "block third-party cookies without contractual privacy policies ". A. in the php Tutorial, a.com writes the first cookie, and its embedded iframe points to B. php. at this time, B .com writes a third-party cookie, so it is taken out of the door by ie.

Therefore, each time a user submits a cookie, it fails because the server cannot be uploaded.

Okay. Let's talk about the solution.

Php program

Can be written directly to website B
<? Php
Header ('p3p: cp = "cura adma deva pstutorial ao psdo our bus uni pur int dem sta pre com nav otc noi dsp cor "')
?>
In this way, you can accept third-party cookies.

Lighttpd server

Server. modules = ("mod_setenv ")

Setenv. add-response-header = ("p3p" => "cp = 'cura adma deva psao psdo our bus uni pur int dem sta pre com nav otc noi dsp core '")

Apache server

<Virtualhost>

Header set p3p 'CP = "cura adma deva psao psdo our bus uni pur int dem sta pre com nav otc noi dsp cor "'

</Virtualhost>

Iis server
Add a website http header to solve the problem;
Management tool --> select a website --> properties --> http header, add an http header
Enter the header name: p3p
Input header content: cp = cao psa our

If you want to log on, configure the following settings:

Setcookie ('auth _ member_string ', 0, time () + 3600,'/', $ cfg ['domain']);
Setcookie ('auth _ member_name ', 0, time () + 3600,'/', $ cfg ['domain']);
Setcookie ('auth _ member_realname ', 0, time () + 3600,'/', $ cfg ['domain']);

Logout

Setcookie ('auth _ member_string ', 0, time ()-1,'/', $ cfg ['domain']);
Setcookie ('auth _ member_name ', 0, time ()-1,'/', $ cfg ['domain']);
Setcookie ('auth _ member_realname ', 0, time ()-1,'/', $ cfg ['domain']);

Here is a test instance.

I only write a rough one. For the convenience of testing, edit the hosts file and add the test domain name (c: windowssystem32driversetchosts)

127.0.0.1 www.a.com
127.0.0.1 www. B .com

First, create the_setcookie.php file with the following content:

<? Php
// Header ('p3p: cp = "cura adma deva psao psdo our bus uni pur int dem sta pre com nav otc noi dsp cor "');

Setcookie ("test", $ _ get ['id'], time () + 3600, "/", ".a.com ");
?>

Then, create the_getcookie.php file with the following content:

<? Php
Var_dump ($ _ cookie );
?>

Finally, create the B _setcookie.php file with the following content:

<Script src = "http://www.a.com/a_setcookie.php? Id = www. B .com "> </script>

----------------------------

After the three files are created, you can access them through the browser in sequence:

Http://www. B .com/ B _setcookie.php
Http://www.a.com/a_getcookie.php

We will find that when accessing the B .com domain, we did not set the cookie value in the.com domain.

Then, modify the_setcookie.php file and remove the annotator. a_setcookie.php is:

<? Php
Header ('p3p: cp = "cura adma deva psao psdo our bus uni pur int dem sta pre com nav otc noi dsp cor "');

Setcookie ("test", $ _ get ['id'], time () + 3600, "/", ".a.com ");
?>

Access the service in sequence through the browser again:

Http://www. B .com/ B _setcookie.php
Http://www.a.com/a_getcookie.php

This time, you will find that when accessing the B .com domain, we set the cookie value for the.com domain.

Finally, it seems that only ie has strict restrictions on cross-origin access cookies. The above code is tested in firefox and can be successful even if no p3p header information is sent.

Related Article

E-Commerce Solutions

Leverage the same tools powering the Alibaba Ecosystem

Learn more >

Apsara Conference 2019

The Rise of Data Intelligence, September 25th - 27th, Hangzhou, China

Learn more >

Alibaba Cloud Free Trial

Learn and experience the power of Alibaba Cloud with a free trial worth $300-1200 USD

Learn more >

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.