PHP uses the P3P header to implement a cross domain cookie

Source: Internet
Author: User
Tags curl header implement php file setcookie domain access

In the development, we encountered the Cross-domain main or tangled in IE, the page of the IFRAME or frame or JS cross-domain, IE has security policy restrictions page without cookies, but if we add P3P, there is no limit to this strategy. This is also P3P to break through the feasible premise of Cross-domain, in fact, in Firefox Chorme class browser is not the limit.

First, let's find out what P3P is.

P3P (Platform for privacy Preferences) is a privacy protection recommendation published by the Consortium to provide privacy protection for users.

The idea of the P3P standard is that a Web site's privacy policy should tell visitors what type of information the site collects, information will be provided to whom, how long the information will be retained, and how the information is used, such as "The site will monitor the pages you visit to improve site usage" or " This site will provide you with as much appropriate advertising as possible "and so on. Users who access the P3P Web site have permission to view the site's privacy report and then decide whether to accept cookies or use the site.

The following is an instance of PHP using the P3P header to implement a cross domain setting cookie :

http://www.a.com/a_setcookie.php File Contents:

<?php Setcookie ("Alixixi", $_get[' id '), time () +3600, "/", ". a.com");?>

http://www.a.com/a_getcookie.php File Contents:

<?php Var_dump ($_cookie);?>

http://www.b.com/b_setcookie.php File Contents:

<script src= "http://www.a.com/a_setcookie.php?id=www.b.com" ></script>

Access via browser:

http://www.b.com/b_setcookie.php

http://www.a.com/a_getcookie.php

After accessing the 1 B.Com domain, we did not set the cookie value on the a.com domain discovery.

At this point, if you change the contents of the http://www.a.com/a_setcookie.php file to the following:

<?php
Header (' p3p:cp= "cura ADMa DEVa Psao psdo We bus UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"];
Setcookie ("Alixixi", $_get[' id '), time () +3600, "/", ". a.com");
?>

Visit again:

http://www.b.com/b_setcookie.php

http://www.a.com/a_getcookie.php

After accessing the B.Com domain, the cookie value for the a.com domain is set.

From the example above, you can see that cross-domain (which can be successful across domains without sending P3P in Firefox) by sending P3P header information.

The key part of the above code is also the code that PHP uses the P3P protocol:

Header (' p3p:cp= "cura ADMa DEVa Psao psdo We bus UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"];

Articles that you may be interested in

    • jquery Operations Cookie,jquery read Cookie,jquery settings cookie,jquery Delete cookies
    • How PHP uses the filter function to verify mailboxes, URLs, and IP addresses
    • JS Operation Cookie,js Read COOKIE,JS settings cookie,js Delete Cookie Summary
    • PHP using curl to implement multithreaded classes, PHP curl multi-Threaded download pictures
    • PHP uses regular filters for various labels, spaces, line breaks, code
    • PHP uses Curl functions to implement multi-threaded crawl Web pages and download files
    • Summary of methods for using Curl post submission data and get access to Web page data in PHP
    • How does PHP identify a computer or mobile phone to visit a website


Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.