P3p solves Cross-Domain Cookie Access Problems

When I was doing a Traffic Statistics item recently, I accidentally found that IE had some security restrictions when writing cookies on pages in IFRAME, which led to the failure to read cookies, after finding a solution for a long time, find the following methods:

 

1. the cookie on the page cannot be the cookie of the browser process (including the verification ticket and the cookie without setting the timeout time), otherwise the cross-domain will not be obtained. this is rarely mentioned by people who use cross-origin cookies. however, I actually pay attention to the solutions made by several universities. I have mentioned that the cookies in their verification module set the timeout time.

2. when using IFRAME, remember to add the p3p information to the page header of the corresponding dynamic page. Otherwise, ie will consciously block the cookie in the IFRAME box, causing problems. if it is not saved, it cannot be obtained. this is actually a problem with frameset and cookie, which can be encountered by frame or IFRAME.

3. The trace output during the test reduces the test workload.

You only need to set the p3p HTTP HeaderIn the implicit IFRAME, you can set the cookie across domains. They used the following content:

P3p: Cp = 'cura ADMA Deva psao psdo our bus uni pur int DEM sta pre com nav OTC Noi DSP core'

ASP directly adds a header declaration in the header to test the validity.
<% Response. addheader "p3p", "cp = CaO PSA our" %>

PHP should be written as follows:
Header ('p3p: Cp = CaO PSA our ');

ASP. NET
InCodeAdd response. addheader ("p3p", "cp = CaO PSA our") or start ASP. NET state service in the window service.

JSP:
Response. setheader ("p3p", "cp = CaO PSA our ")