Solution to the cross-domain session and cookie invalidation problem in an IFRAME under IE

Source of the problem: what is a cross-domain session/cookie

A cross-domain session/cookie is a third-party session/cookie. A first-party session/cookie is one set by the website the visitor is currently visiting, and it is stored on the visitor's computer. When the website currently being visited loads (embeds) code from another, third-party site, such as promotional ads, that third-party site also adds a session/cookie to the visitor's computer; this is the third-party session/cookie.

IE restricts third-party sessions/cookies

As IE has been updated, the changes between versions have been large, and the resulting compatibility problems puzzle many developers. This issue is no exception. Starting with IE7, Microsoft gradually tightened IE security, and by default third-party sessions/cookies are not allowed. As a result, a third-party website embedded through an IFRAME cannot save session state, cannot log in, and cannot pass values across pages, which affects the functions of the third-party website.

Workaround: manually adjust the security level of the client IE browser

In Internet Options, on the Privacy tab, lower the security level to accept all cookies, or set third-party cookies to be accepted under [Advanced].

Comment: This method requires the user to change the client browser settings, which is very inconvenient and exposes the user's computer to security risks, so it is not recommended.

Automatically change the IE browser security level using the P3P protocol in your code

P3P (Platform for Privacy Preferences) is a way to provide this personal privacy protection policy. This is done by adding the following code to the third-party website code that is embedded in the IFRAME (Java):

    response.setHeader("P3P", "CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"");

Points to note:

1. The code above is for JSP. For ASP or PHP, change the syntax accordingly; the parameters and values stay unchanged. For example, in Ruby:

    response.headers["P3P"] = "CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\""

2. This method only works for dynamic web applications, that is, a dynamic language must be used to set the response header. With an MVC architecture, it is best to add the code above in the main controller or a filter, so that the change is as small as possible.
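One way to apply the header in a single place, as point 2 suggests, is a Rack-style filter in front of the embedded application. This is an added example, not code from the original article; the use of Rack middleware and the names `P3PHeader`, `cookie_without_policy?` and `DEMO_APP` are assumptions made for illustration.

```ruby
# Added example (not from the original article): a Rack-style filter that
# applies the article's P3P header to every response of the embedded app.
class P3PHeader
  # Compact policy string quoted in the article above.
  POLICY = 'CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"'

  def initialize(app, policy: POLICY)
    @app = app
    @policy = policy
  end

  def call(env)
    status, headers, body = @app.call(env)
    # Header names are case-insensitive; keep a policy the application
    # already set on this response instead of overwriting it.
    headers['P3P'] = @policy unless P3PHeader.header?(headers, 'P3P')
    [status, headers, body]
  end

  def self.header?(headers, name)
    headers.keys.any? { |k| k.to_s.casecmp?(name) }
  end

  # True when a response sets a cookie but carries no P3P header: the case
  # in which, per the article, IE does not keep the cookie inside an IFRAME.
  def self.cookie_without_policy?(headers)
    header?(headers, 'Set-Cookie') && !header?(headers, 'P3P')
  end
end

# Constructed stand-in for the third-party application (hypothetical).
DEMO_APP = lambda do |_env|
  [200, { 'Content-Type' => 'text/html', 'Set-Cookie' => 'sid=abc123; Path=/' }, ['ok']]
end

if __FILE__ == $PROGRAM_NAME
  _, before, = DEMO_APP.call({})
  _, after, = P3PHeader.new(DEMO_APP).call({})
  puts "unfiltered response lacks policy: #{P3PHeader.cookie_without_policy?(before)}"
  puts "filtered response P3P header:     #{after['P3P']}"
end
```

The `cookie_without_policy?` helper can be run over captured response headers to find pages of the embedded site that still set cookies without the header.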

Comment: This method does not require manually changing the client's IE settings, but it does require modifying the third-party website's code; when the third-party site is not under your control, nothing can be done.

Set up the P3P protocol on the third-party web server

If the application server program used by the third-party website supports setting HTTP headers, you can configure the header on the server without modifying the third-party website's code.

For example, under IIS, open the IIS window --> select a website --> Properties --> HTTP Headers, add an HTTP header, and enter the header name: P3P

Enter the header content: CP=CAO PSA OUR

Comment: Like the previous method, this method also requires the third-party site to be under your control and management.

