Solutions for session/cookie invalidation of iframe cross-origin calls in IE

The reason for the invalid session and cookie for iframe cross-origin logon in IE browser is that the P3P (Platform for Privacy Preferences Project (P3P) specification supported by IE6/IE7) by default, the Protocol prevents third parties from having no privacy and security statement cookies. Therefore, this problem occurs. The solution can be solved only by declaring the header.

In frameset, the frame is from a third-party site (with different IP addresses or domain names). By default, IE will automatically disable cookies for these sites, that is, when requesting a url, do not send their cookies in the HTTP header, including the session cookies. Note that the cookies set by these sites in response will still be sent to the browser.

Browse. in php, A.com writes the first Cookie, and its embedded iframe points to B. php. at this time, B .com writes a third-party Cookie, so it is taken out of the door by IE. Therefore, each time a user submits a cookie, it fails because the server cannot be uploaded.

Cause Analysis

The P3P (Platform for Privacy Preferences Project (P3P) specification) protocols supported by IE6/IE7 prevent third parties from having cookies without Privacy security claims by default.
 

Solution.

PHP Program

Can be written directly to website B

The Code is as follows:	Copy code
<? Php Header ('p3p: CP = "CURa ADMa DEVa PSAo PSDo our bus uni pur int dem sta pre com nav otc noi dsp cor "') ?>

In this way, you can accept third-party cookies.

A simple C # Application

The Code is as follows:	Copy code
If (Request. Browser. Browser. ToUpper (). Contains ("IE ")) Response. Headers. Add ("P3P", "CP = cao psa our ");