Author: finalbsd
Original: http://www.sanotes.net/html/y2008/164.html
Copyright notice: when reprinting, the author, the original source and this statement must be indicated in the form of links.
I read an article on the Internet about using P3P to perform cross-origin cookie operations. It seemed cool, but no source code was provided, so let's try it in practice.
I only wrote a rough version. For the convenience of testing, edit the hosts file (c:\windows\system32\drivers\etc\hosts) and add the test domain names:
127.0.0.1 www.a.com
127.0.0.1 www.b.com
First, create the a_setcookie.php file with the following content:
<?php
// header('P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"');
setcookie("test", $_GET['id'], time() + 3600, "/", ".a.com");
?>
Then, create the a_getcookie.php file with the following content:
<?php
var_dump($_COOKIE);
?>
Finally, create the b_setcookie.php file with the following content:
<script src="http://www.a.com/a_setcookie.php?id=www.b.com"></script>
----------------------------
After the three files are created, access them through the browser in sequence:
http://www.b.com/b_setcookie.php
http://www.a.com/a_getcookie.php
We find that accessing the b.com domain did not set a cookie for the a.com domain.
Then modify a_setcookie.php and remove the comment marker, so that a_setcookie.php is:
<?php
header('P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"');
setcookie("test", $_GET['id'], time() + 3600, "/", ".a.com");
?>
Access the pages in sequence through the browser again:
http://www.b.com/b_setcookie.php
This time, the browser shows that the cookie was received:
test Received www.b.com / .a.com Fri, 18-Jul-2008 04:15:45 GMT
P3P header output:
Then access http://www.a.com/a_getcookie.php
We can see that the cookie is sent:
test Sent www.b.com / .a.com Fri, 18-Jul-2008 04:15:45 GMT
Page output:
array(1) { ["test"]=> string(9) "www.b.com" }
This time, accessing the b.com domain set the cookie value for the a.com domain.
Finally, it seems that only IE places strict restrictions on cross-origin cookie access. The above code was tested in Firefox and succeeds even if no P3P header is sent. But IE is the boss.
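As written, a_setcookie.php stores whatever id value the embedding page passes, so any site that includes the script tag decides the value of the test cookie for .a.com. The following is an added example, not code from the original post: it keeps the P3P header but accepts only allowlisted values. ALLOWED_IDS and validated_id() are hypothetical names, and PHP 7.1 or later is assumed.

```php
<?php
// Added example (not from the original post): a_setcookie.php with the P3P
// header kept, but the cookie value restricted to known partner hosts.

// Hypothetical allowlist of values the cookie may take.
const ALLOWED_IDS = ['www.b.com'];

/**
 * Return the normalized id if it is allowlisted, otherwise null.
 */
function validated_id($raw): ?string
{
    // A request such as ?id[]=x arrives as an array, not a string.
    if (!is_string($raw)) {
        return null;
    }
    $id = strtolower(trim($raw));
    return in_array($id, ALLOWED_IDS, true) ? $id : null;
}

$id = validated_id($_GET['id'] ?? null);
if ($id === null) {
    // Unknown caller or value: set no cookie at all.
    http_response_code(400);
    exit;
}

// Same compact policy as in the post, so IE still accepts the cookie
// when the script is included from www.b.com.
header('P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"');

// Arguments: name, value, expiry, path, domain, secure, httponly.
// httponly = true keeps the cookie out of reach of page scripts.
setcookie('test', $id, time() + 3600, '/', '.a.com', false, true);

// The response is loaded through a script tag, so answer as (empty) JavaScript.
header('Content-Type: application/javascript');
```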
Reference: http://www.w3.org/P3P/
Supplement: cn.yahoo.com uses this feature.