Solutions to the problem of iframe cross-domain and session failure

What is cross-origin session/cookie?

That is, third-party session/cookie. The first session/cookie indicates the seesion/cookie set by the visitor's current website for the visitor's browser, which will be stored on the visitor's computer. Third-party session/cookie indicates that the website currently accessed will load (embed) other third-party website code, such as promotional advertisements, the third-party website will also add session/cookie on the visitor's computer, which is a third-party session/cookie.

My questions

When developing messaging online products (http://iap.pgia.net) to test compatibility with various browsers, IE browser (v7 \ 8) was found unable to log on (always prompt verification code Mismatch Error ), other browsers do not have this problem (firefox, Baidu, etc ). Therefore, we can conclude that this is not related to the browser.

Preliminary analysis:

The server log shows that the sessionId is constantly changing during access using IE (v7 \ 8). A new sessionId is generated for each request.

Obviously, this is the only cause of Logon failure. If you solve this problem, you can log on normally.

In-depth analysis:

Why does this happen in IE browser (v7 \ 8)? After Baidu understands it, he learned:

For Privacy security considerations, IE will lose the Cookie in Iframe. The P3P (Platform for Privacy Preferences Project (P3P) specification supported by IE6/IE7) by default, the Protocol prevents third parties from having no privacy and security statement cookies. Firefox and Chrome do not have this problem.

We know that the Session is actually based on cookies. When the client establishes a session with the server for the first time, it will allocate a random sessionId to the client and coexist in the client cookie. Then, the Cookie will be carried in subsequent requests, if such a Cookie cannot be found on the client, the server will allocate a new one.

My application structure is exactly like this, that is, an iframe embedded in a remote application is implemented.

Solution:

To solve this problem, you must add the "P3P" protocol during the request. So how to implement it?

Add the following code to the Framework page:
Copy codeThe Code is as follows:
<%
// Solve the cross-origin access problem of IE7 \ 8
Response. setHeader ("P3P", "CP = \" idc dsp cor adm DEVi TAIi psa psd IVAi IVDi CONi his our ind cnt \"");
%>

So far, the problem has been solved