P3P Header solves Cookie cross-origin issues

Source: Internet
Author: User
Tags setcookie

P3P

P3P (Platform for Privacy Preferences) is a standard that protects users' privacy rights by letting Internet users choose whether their personal information is collected and used when they visit a website. If a site does not comply with the P3P standard, cookies related to it are automatically rejected; P3P can also detect multiple ways of embedding cookies. P3P was developed by the World Wide Web Consortium (W3C).

Example

When a page contains an iframe, the dynamic page loaded inside the iframe must send the P3P header so that the cookie of the iframe page can be retrieved; otherwise the cookie cannot be obtained in IE. This is because IE has a security policy that stops a page from storing third-party cookies. (Note: a first-party cookie is a cookie of the site whose page sent the request; a third-party cookie is a cookie of a website other than that site.)

The code is as follows:
<?php
// http://www.a.com/a_setcookie.php file content:
// Sets a one-hour cookie for the whole .a.com domain.
setcookie("test", "testval", time() + 3600, "/", ".a.com");
// http://www.a.com/a_getcookie.php file content:
// Dumps every cookie the browser sent back to a.com.
var_dump($_COOKIE);
/*-----------------------------------------------------------------------
http://www.b.com/b_setcookie.php file content:
<iframe src="http://www.a.com/a_setcookie.php?id=www.b.com"></iframe>
Access through a browser: http://www.b.com/b_setcookie.php
Then access http://www.a.com/a_getcookie.php: after visiting the page in the b.com domain, the cookie value for the a.com domain has not been set.
Change the file http://www.a.com/a_setcookie.php to the following:
--------------------------------------------------------------------------*/
// The P3P header must be sent before the cookie is set.
header('P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"');
setcookie("test", "testval", time() + 3600, "/", ".a.com");
// Access again: http://www.b.com/b_setcookie.php
// Then access http://www.a.com/a_getcookie.php: after visiting the page in the b.com domain, the cookie value for the a.com domain is now set.

Using P3P from JS

The code is as follows:
xmlhttp.setRequestHeader("P3P", 'CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"');
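
As an added example (not code from the original article), the following JavaScript parser splits the CP value of the P3P header used above into the element groups of the P3P 1.0 compact-policy vocabulary and flags tokens outside it, which helps when reviewing what a site actually declares by sending this string. The function and variable names are illustrative; the token table and the spelling rule (upper-case codes, lower-case consent suffix) are assumptions of this example, transcribed from the P3P 1.0 specification.

```javascript
// Added example: decode a P3P compact policy (CP) into vocabulary groups.
// Assumption: token table transcribed from the P3P 1.0 compact-policy vocabulary.
const VOCAB = {
  access:     ["NOI", "ALL", "CAO", "IDC", "OTI", "NON"],
  disputes:   ["DSP"],
  remedies:   ["COR", "MON", "LAW"],
  nonIdent:   ["NID"],
  purpose:    ["CUR", "ADM", "DEV", "TAI", "PSA", "PSD", "IVA", "IVD", "CON", "HIS", "TEL", "OTP"],
  recipient:  ["OUR", "DEL", "SAM", "UNR", "PUB", "OTR"],
  retention:  ["NOR", "STP", "LEG", "BUS", "IND"],
  categories: ["PHY", "ONL", "UNI", "PUR", "FIN", "COM", "NAV", "INT", "DEM",
               "CNT", "STA", "POL", "HEA", "PRE", "LOC", "GOV", "OTC"],
  test:       ["TST"],
};
// Only tokens in these groups can carry a consent suffix:
// a (always), i (opt-in), o (opt-out).
const SUFFIXED = new Set(["purpose", "recipient"]);

// Returns { groups, unknown } for a P3P header value, or null if it has no CP part.
function parseCompactPolicy(headerValue) {
  const m = /\bCP\s*=\s*"([^"]*)"/i.exec(headerValue);
  if (!m) return null;
  const result = { groups: {}, unknown: [] };
  for (const token of m[1].trim().split(/\s+/).filter(Boolean)) {
    const base = token.slice(0, 3);
    const suffix = token.slice(3);
    const group = Object.keys(VOCAB).find((g) => VOCAB[g].includes(base));
    const suffixOk =
      suffix === "" || (SUFFIXED.has(group) && /^[aio]$/.test(suffix));
    if (!group || !suffixOk) {
      result.unknown.push(token); // not in the vocabulary, or a suffix where none is allowed
      continue;
    }
    (result.groups[group] = result.groups[group] || []).push(token);
  }
  return result;
}

// The header value from the article's a_setcookie.php.
const articlePolicy = parseCompactPolicy(
  'CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"'
);
console.log(articlePolicy.groups, "unknown:", articlePolicy.unknown);
```

Tokens reported under `unknown` are worth a closer look in a header audit, since they mean the value is not a well-formed compact policy.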
