Today engaged in a login page, by another site with an IFRAME embedded in, dead and dead can not log in (ie is only in the case of this situation).
It is obvious that the session cannot be saved. But directly in the address bar to open the login page, everything is normal AH. That's weird.
Search the Internet for a moment. It is true that many people have mentioned this problem. The final workaround is to add the following code to the login page:
Copy Code code as follows:
<span style= "Font-family:microsoft Yahei; Font-size:14px ">header (' p3p:cp=" all ADM DEV Psai COM our otro STP IND ONL ");
Session_Start ();</span>
This problem may be related to the location jump that my login page is using JavaScript. But there was no in-depth test study.
Here is the expanded reading:
---------------------------------------------
Today, when dealing with the application of Tencent friends, the test sent me a work order, said the application on the IE7 can not be used. A login timeout error occurred.
The first reaction was that the session was lost.
So the internet to find the next IE7 iframe session loss problem. Later found the following article, problem solving:
=============================================
Yesterday, the time diary I did on campus was finally online. Online on the first day there are more than 80 users installed, but outside received a lot of users feedback said the application is not available. I have previously developed on the Firefox (estimated campus staff are also used to audit the Firefox), in the use of IE7 test, but found that the page outside the homepage can not open normally.
Looking up a lot of data on the Internet, it is found that there is such a problem in IE7: if there is one or more IFRAME pages in the page, creating the session in the subpage may not be successful so that the session data cannot be shared with other pages. In the development of school, 51 applications, the assumption of the use of IFRAME, it is likely to encounter such problems. And this problem only exists in the IE7 browser and I have no problem testing in browsers such as Firefox, IE6, and Chrome.
The solution is: Before running Session_Start, add the following sentence to the program (in the case of the PHP language), roughly declaring the security level to the browser so that the IFRAME child page will not have a problem creating the session:
Header (' p3p:cp= "all ADM DEV Psai COM our otro STP IND ONL");
In addition, I learned that if the level two domain name contains underscores, such as: your_domain.yourhost.com, you may also have problems creating and passing sessions.
A little feeling:
1 After many years, browser compatibility problem is still not completely resolved, ie browser is still so let developers feel pain and torture.
2 before publishing the application, be sure to undergo a rigorous browser compatibility test, otherwise there may be loss of application of the first batch of users.
==============================================
Other reference articles:
==============================================
Resolving problems with session loss caused by Jsessionid undeliverable in IFRAME
Http://618119.com/archives/2007/12/19/48.html
SSO is needed to implement the ISMP2.1.1 interface, and the interface defined in ISMP needs to invoke the SSO interface in an embedded page such as IFRAME, and it is found that the session does not pass normally in actual development.
The scenario for reproducing the problem is:
1. Visit a site first: http://192.168.18.2/test.jsp
The test.jsp code is:
Copy Code code as follows:
<title> 618119.com </title>
<body>
<iframe src= "Http://192.168.18.3/sso.jsp?ssoinfo=xxxx" >
</iframe>
</body>
SSO. JSP read the Ssoinfo in the pass, call the ISMP authentication interface in reverse,
Generates a session and then puts the specified property value in the
Session. setattribute ("Ssouser", "Lizongbo");
Page Redirect to http://192.168.18.3/iframe.jsp
Response.sendredirect ("/iframe.jsp");
Iframe.jsp to read the Ssouser attribute value in the session, you will find that it cannot be read.
2. If you visit the 192.168.18.3 page first, and then visit the 192.168.18.2 page, the IFRAME embedding can pass the generated Jsessionid Cookie.
The solution is therefore:
A. Add Jsessionid to the URL.
For example Redirect to Response.sendredirect ("/iframe.jsp;jsessionid =lizongbo");
In this case, if the URL of the other connection within the Iframe.jsp page is not added Jsessionid,
You cannot continue to pass the session, but add Jsessionid to the href attribute overrides for each hyperlink in the client's JS.
Set P3P header information in b.sso.jsp
For example p3p:cp= "cura ADMa DEVa Psao psdo our bus UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
or p3p:cp= "CAO PSA our"
The Java code is:
Response.AddHeader ("P3P", "/" CAO PSA our/")";
