Php uses the p3p header for cross-origin cookie Access

Welcome to the Linux community forum and interact with 2 million technical staff. Go to php and set the p3p header to solve the cross-origin cookie Access problem: we all know that Cookies cannot be cross-origin, however, you can solve this problem by setting the p3p header. To test, edit the hosts file and add the test domain name (in C: WINDOWSsystem32driversetchos

Welcome to the Linux community forum and interact with 2 million technical staff> go to php and set the p3p header to solve the cookie cross-origin access problem: we all know that Cookies cannot be cross-origin, however, you can solve this problem by setting the p3p header. To test, edit the hosts file and add the test domain name (in C: \ WINDOWS \ system32 \ drivers \ etc \ hos ).

Welcome to the Linux community forum and interact with 2 million technicians>

In php, you can set the p3p header to solve the cross-origin cookie Access problem:

We all know that Cookies cannot be cross-origin, but you can solve this problem by setting the p3p header.

To test, edit the hosts file and add the test domain name (in C: \ WINDOWS \ system32 \ drivers \ etc \ hosts)

127.0.0.1 www.a.com

127.0.0.1 www. B .com

First, create the_setcookie.php file with the following content:

// Header ('p3p: CP = "CURa ADMa DEVa PSAo PSDo our bus uni pur int dem sta pre com nav otc noi dsp cor "');

Setcookie ("test", $ _ GET ['id'], time () + 3600, "/", ".a.com ");

Then, create the_getcookie.php file with the following content:

Var_dump ($ _ COOKIE );

Finally, create the B _setcookie.php file with the following content:

After the three files are created, you can access them through the browser in sequence:

We will find that when accessing the B .com domain, we did not set the cookie value in the.com domain.

Then, modify the_setcookie.php file and remove the annotator. a_setcookie.php is:

Header ('p3p: CP = "CURa ADMa DEVa PSAo PSDo our bus uni pur int dem sta pre com nav otc noi dsp cor "');

Setcookie ("test", $ _ GET ['id'], time () + 3600, "/", ".a.com ");

Access the service in sequence through the browser again:

This time, you will find that when accessing the B .com domain, we set the cookie value for the.com domain.

It seems that only IE has strict restrictions on cross-origin access cookies. The above code is tested in FIREFOX and can be successful even if no P3P header information is sent.