Solution for passing cookies in the framework (IFRAME/frameset)

Add:

Response. addheader ("p3p", "cp = CaO PSA our ");

-------------------

Solutions to session loss in IFRAME

Solutions to session loss in IFRAME: during development, we often use frame to work, and sometimes to integrate with other websites and apply it to multiple domains.

IFRAME cannot save the session. Therefore, you can find many relatedArticleIf the website can use the configuration in Web. config:

<Sessionstate
Mode = "StateServer"
Stateconnectionstring = "TCPIP = 127.0.0.1: 42424"
Sqlconnectionstring = "Data Source = 127.0.0.1; trusted_connection = yes"
Cookieless = "false"
Timeout = "40"
/>
Change cookieless = "false" to "true. But there is also a small problem, that is, if the page uses the Javascript window. Location. href = '',

The system will consider this as another new request and generate a new sessionid, resulting in the same loss of the original session. So for redirection

, Or use response. Redirect.

In addition to the problem of session loss in ifrmae, frameset also has the same problem. Frameset problems are more specific, sometimes lost, and sometimes not lost, which is a headache,

I found a method on the Internet and added a statement to page_onload:
Response. addheader ("p3p", "cp = CaO PSA our ");
The session loss problem in frameset is solved. There is no time to understand the specific reasons.

Bytes ------------------------------------------------------------------------------------------------------------------

-----------------------------

In practice, the above settings will result in the problem that we cannot receive the data post by the other party. The correct solution should be:

Http://www.cnblogs.com/suxvsheng/archive/2007/08/17/860157.html

Web pages in different domains in the IE framework cannot contain cookies ---- is a bug in IE browser?
An Internet Explorer problem was discovered by accident:
An iframe exists in page A. aspx of site aa.com. The SRC of IFRAME is B. aspx of site bb.com. B. aspx sets a cookie (whether temporarily saved or long)

And then refresh the token.

Cookie.
To be more precise, ie has lost the cookies of different domains in the framework.

View the privacy options of the browser. The default value is "medium ". Now, change the privacy level to "low", perform the above test again, and then find that the cookie in the framework can be carried

.
From the perspective of this phenomenon, it should be due to IE's security concerns. But !!! Pages in different regions should be viewed as opening two unrelated pages.

In the browser window, you can set your own cookies and bring them into the next request. As long as they do not affect each other, they should not be restricted.
Well, why should we limit it? It seems that Microsoft'sProgramThey have little confidence in the security of their browsers. They are worried that hackers will be able to access different domains in the same browser.

It is still possible to obtain the cookie of another domain, so you can simply kill the cookie of one domain !!! Why is there no such restriction in Firefox?

========================================================== ==========================================

Root cause:

The p3p (Platform for privacy preferences Project (p3p) Specification) protocols supported by IE6/IE7 prevent third parties from having no privacy security claims by default.

Cookie, Firefox does not currently support the p3p security feature, and Firefox does not. For more information about Mircosoft, see privacy in

Internet Explorer 6

Solution:

It is easy to output the Host Header declaration of p3p In the content to be embedded (the site pointed to by IFRAME). The procedure is as follows (Session variables are lost if you use

Frameset in Internet Explorer 6 ):

1. Open the IIS manager inetmgr
2. Select the embedded IFRAME source site or directory, and right-click to open the attribute box.
3. Switch to the HTTP Header
4. Add
5. Custom HTTP header name: p3p
6. Custom HTTP header value: Cp = "Cao PSA our"
7. Close the attribute box and exit. The setting takes effect immediately.
For the specific meanings of Cao PSA our, refer to the previous article: privacy in Internet Explorer 6.

So far, the problem of session loss under the IFRAME framework is completely solved.