PHP uses P3P headers to set cookies across domains

Source: Internet
Author: User
In PHP development, cross-domain cookie problems mostly come up in IE. When a page is loaded cross-domain through an iframe, a frame or JS, IE's security policy stops the page from using cookies, but if we add a P3P header, this restriction no longer applies.

This is what makes it possible to use P3P to get past the cross-domain limit. Browsers such as Firefox and Chrome have no such restriction in the first place.

First of all, what do we know about P3P?

P3P (Platform for Privacy Preferences) is a published recommended standard for privacy protection, intended to protect users' privacy.

The idea of the P3P standard is that a website's privacy policy should tell visitors what types of information the site collects, to whom the information will be provided, how long it will be retained and how it is used. For example, the site should make statements such as "This site will monitor the pages you visit to improve site usage" or "This site will provide you with the best possible advertising".

Users who visit a website that supports P3P have the right to view the site's privacy report and then decide whether to accept cookies or use the site.

The following is an example of PHP using the P3P header to set cookies across domains.

http://www.a.com/a_setcookie.php file contents:

http://www.a.com/a_getcookie.php File Contents:

http://www.b.com/b_setcookie.php File Contents:

Access the following via browser: http://www.b.com/b_setcookie.php and http://www.a.com/a_getcookie.php. After accessing the b.com domain, we did not find the cookie value in the a.com domain.

At this point, if you change the contents of the http://www.a.com/a_setcookie.php file as follows:

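<?php
// Send the P3P compact policy so that IE accepts the cookie in a cross-domain context.
header('P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"');
// Store the id from the query string in a cookie for .a.com, valid for one hour.
setcookie("Phpernote", $_GET['id'], time() + 3600, "/", ".a.com");
?>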

Revisit http://www.b.com/b_setcookie.php and http://www.a.com/a_getcookie.php. After accessing the b.com domain, the cookie value for the a.com domain is set.

From the above example, we can see that the cross-domain cookie is made to work by sending the P3P header (in Firefox, the cross-domain cookie is set successfully even if the P3P header is not sent). The key part of the above code is the line in which PHP sends the P3P header: header('P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"');
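A stricter variant of a_setcookie.php, as an added example that is not part of the original article: it checks the id taken from the query string before writing it into the cookie and sets the cookie attributes explicitly. Assumptions not found on the page: PHP 7.3 or later (options-array form of setcookie), the site is served over HTTPS, the id is a short alphanumeric token, and the cookie is only read server-side.

```php
<?php
// Added example, not the original article's code.
// Assumptions: PHP >= 7.3, HTTPS, id is a short alphanumeric token,
// and the cookie is only read server-side (so HttpOnly is acceptable).

const P3P_CP = 'CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR';

/**
 * Return the id if it has the expected shape, otherwise null.
 * The accepted pattern is an assumption; adjust it to the real id format.
 */
function validated_id($raw): ?string
{
    // Rejects a missing parameter and array input such as ?id[]=x
    if (!is_string($raw)) {
        return null;
    }
    // \A and \z anchor the whole string, so a trailing newline is rejected too
    return preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $raw) === 1 ? $raw : null;
}

$id = validated_id($_GET['id'] ?? null);
if ($id === null) {
    // Do not set any cookie for a value that fails validation
    http_response_code(400);
    exit('invalid id');
}

// P3P compact policy header from the article, needed by IE for framed pages
header('P3P: CP="' . P3P_CP . '"');

setcookie('Phpernote', $id, [
    'expires'  => time() + 3600,
    'path'     => '/',
    'domain'   => '.a.com',
    'secure'   => true,    // send over HTTPS only; required with SameSite=None
    'httponly' => true,    // not readable from page scripts
    'samesite' => 'None',  // allow the cookie in a cross-site (framed) request
]);
```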
