This article mainly introduces the solution of the problem of IFRAME cross domain and session invalidation, and some friends who need it can refer to it.
What is cross domain cross-domain Session/cookie? is also the third party Session/cookie. The first party Session/cookie refers to the Seesion/cookie of the browser settings that visitors currently visit to the Web site, which are stored on the guest's computer. Third party Session/cookie refers to the Web site that is currently visited that will load (embed) another third party code, such as promotional ads, then Third-party Web sites will also be added to the guest's computer Session/cookie, this is the third party Session/cookie. My problem in the development of information online products (http://iap.pgia.net) to test the compatibility of various browsers, found that IE browser (v78) can not log in (Always prompt to verify code mismatch error), and other browsers do not have this problem (Firefox, Baidu, etc.). So you can conclude that this has nothing to do with browsers. Preliminary analysis: Survey found that in the use of IE browser (v78) Access, server-side logs show SessionID has been changing, each request will produce a new sessionid. Obviously this is the only reason why you cannot log on, and you can log on correctly if you solve this problem. In-depth analysis: Why in IE browser (v78) will appear this situation, Baidu learned that: for privacy security considerations, IE will lose the IFRAME Cookie,ie6/ie7 support P3P (Platform for The Privacy Preferences Project (P3P) specification) protocol, which prevents third parties from having no privacy security statements, does not have this problem. We know that the session is actually based on cookies. When the client establishes a session with the server for the first time, it assigns a random sessionid to the client, coexists with the client cookie, and then, in subsequent requests, brings the cookie, and if no such cookie is found on the client, the server will reassign one. My application structure is precisely this, that is, built-in an IFRAME embedded remote applications to achieve. Solution: To solve this problem is to add the "P3P" protocol upon request. So how to achieve it? Add the following code to the frames page: Code as follows: <% Resolve IE78 Cross-domain Access issues Response.setheader ("P3P", "cp=" IDC DSP COR ADM DEVi taii PSA PSD Ivai ivdi CONi his our IND CN T ""); %> So far, the problem has been solved