IE third-party settings cookie invalidation

Company's products, the use of multi-service allocation of pressure, the middle must be involved in a single point of landing. The general single sign-on is to go to the User Center login, 302 or page callback method, return to the pre-landing page.

Company projects, want to user experience better, using the frame landing, you can consider the IFrame or form submission method. IFrame needs to solve the problem of cross-domain communication, of course, there is a solution. If the form is submitted, there is a user name password error, or it needs to be handled in the User Center.

Finally select the JSONP scheme cross-domain commit, which also has some problems, security aspects of user name password get way passed, you can consider adding a signature to prevent the original password leakage.

In the use of Jsonp way landing, test feedback, ie no way to login, other browsers can be. The first reaction is that the third party set the cookie to expire, which was actually encountered before. Set the P3P header at the 3rd party site where you need to set the cookie.

Response (). AddHeader ("P3P", "cp=/" IDC DSP COR CURa ADMa our IND PHY ONL COM sta/");

　　The master article referred to the minimalist way, did not try.

(Snail advertising system, there are also some reaction said is, at that time with their own cross-domain communication, a start is thought window.name caused problems, and then suddenly remembered, recently looked at the leader's article, the original browser security issues, need to set up P3P. ）

IE third-party settings cookie invalidation