P3P Header solves Cookie cross-origin issues

Source: Internet
Author: User
Tags setcookie

P3P

P3P is a kind of standard defined by the Platform for Privary Preferences. It can protect your privacy rights, enable Internet attackers to choose whether to collect and use their personal information when accessing the website. If a site does not comply with the P3P standard, then Cookies related to it will be automatically rejected, and P3P can also detect multiple cookie embedding methods. P3P was developed by the Global Information alliance.

Example

When an iframe exists on the Response Surface, you must add the P3P Header information on the Dynamic Response Surface of the iframe to retrieve the cookie on the Response Surface of the iframe framework, otherwise, it cannot be obtained under IE. Because IE has a security policy, it restricts the failure to store third-party cookies on the Response Surface (Note: The first cookie is the first cookie on the Response Surface before sending the request, A third-party cookie is a cookie of a Website other than a previous website ).

Copy codeThe Code is as follows:
<? Php
// Http://www.a.com/a_setcookie.php file content:
Setcookie ("test", "testval", time () + 3600, "/", ".a.com ");
// Http://www.a.com/a_getcookie.php file content:
Var_dump ($ _ COOKIE );
/*-----------------------------------------------------------------------
Http://www. B .com/ B _setcookie.php File Content:
<Iframe src = "http://www.a.com/a_setcookie.php? Id = www. B .com "> </iframe>
Access through a browser: http://www. B .com/ B _setcookie.php
Http://www.a.com/a_getcookie.phpafter accessing the B .com domain, we did not find the cookie value in the.com domain.
Change the file http://www.a.com/a_setcookie.php to the following:
--------------------------------------------------------------------------*/
Header ('p3p: CP = "CURa ADMa DEVa PSAo PSDo our bus uni pur int dem sta pre com nav otc noi dsp cor "');
Setcookie ("test", "testval", time () + 3600, "/", ".a.com ");
// Access again: http://www. B .com/ B _setcookie.php
// After http://www.a.com/a_getcookie.php is in the B .comdomain, set the cookievalue OF THE a.comdomain.

JS uses the P3P Protocol
Copy codeThe Code is as follows:
Xmlhttp. setRequestHeader ("P3P", 'cp = "CURa ADMa DEVa PSAo PSDo our bus uni pur int dem sta pre com nav otc noi dsp cor "');

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.