P3p completes cross-origin cookie

Author: finalbsd
Original: http://www.sanotes.net/html/y2008/164.html
Copyright. The author and original source and this statement must be indicated in the form of links during reprinting.

View Original
I read a piece of information about it on the Internet.ArticleIt seems cool to use p3p to complete cross-origin cookie operations, but no source is provided.CodeLet's take a look.

ActualWork.

I only write a rough one. For the convenience of testing, edit the hosts file and add the test domain name (c: \ windows \ system32 \ drivers \ etc \ hosts)

127.0.0.1 www.a.com
127.0.0.1 www. B .com

First, create the_setcookie.php file with the following content:

<? PHP
// Header ('p3p: Cp = "Cura ADMA Deva psao psdo our bus uni pur int DEM sta pre com nav OTC Noi DSP cor "');

Setcookie ("test", $ _ Get ['id'], time () + 3600, "/", ".a.com ");
?>

Then, create the_getcookie.php file with the following content:

<? PHP
Var_dump ($ _ cookie );
?>

Finally, create the B _setcookie.php file with the following content:

<SCR platinum PT src = "http://www.a.com/a_setcookie.php? Id = www. B .com "> </scr platinum Pt>

----------------------------

After the three files are created, you can access them through the browser in sequence:

Http://www. B .com/ B _setcookie.php
Http://www.a.com/a_getcookie.php

We will find that when accessing the B .com domain, we did not set the cookie value in the.com domain.

Then, modify the_setcookie.php file and remove the annotator. a_setcookie.php is:

<? PHP
Header ('p3p: Cp = "Cura ADMA Deva psao psdo our bus uni pur int DEM sta pre com nav OTC Noi DSP cor "');

Setcookie ("test", $ _ Get ['id'], time () + 3600, "/", ".a.com ");
?>

Access the service in sequence through the browser again:

Http://www. B .com/ B _setcookie.php
In this case, the browser can see:
Test received http://www. B .com // a.com Fri, 18-jul-2008 04:15:45 GMT
P3p header output:

Http://www.a.com/a_getcookie.php access
We can see that the cookie contains:
Test sent http://www. B .com // a.com Fri, 18-jul-2008 04:15:45 GMT

Page output:
Array (1) {["test"] => string (9) "http://www. B .com /"}

This time, you will find that when accessing the B .com domain, we set the cookie value for the.com domain.

Finally, it seems that only IE has strict restrictions on cross-origin access cookies. The above code is tested in Firefox and can be successful even if no p3p header information is sent. But IE is the boss.

Reference: http://www.w3.org/P3P/
Supplement: cn.yahoo.com uses this feature.