What is cross domain cross-domain Session/cookie?
Which is the third party Session/cookie. The first party Session/cookie refers to the Seesion/cookie of the browser settings that visitors currently visit to the Web site, which are stored on the guest's computer. Third party Session/cookie refers to the Web site that is currently visited that will load (embed) another third party code, such as promotional ads, then Third-party Web sites will also be added to the guest's computer Session/cookie, this is the third party Session/cookie.
My question.
In the development of information online products (http://iap.pgia.net) to test the compatibility of various browsers, found that IE browser (v7\8) can not log in (always prompted to verify code mismatch error), and other browsers do not have this problem (Firefox, Baidu, etc.). So you can conclude that this has nothing to do with browsers.
Preliminary analysis:
The discovery, in the use of IE browser (v7\8) Access, server-side logs show SessionID has been changing, each request will produce a new sessionid.
This is clearly the only reason why you cannot log on, and you can log on correctly if you resolve this issue.
In-depth analysis:
Why in IE browser (v7\8) will appear this kind of situation, Baidu understand after know:
For privacy reasons, IE will lose the COOKIE,IE6/IE7 supported P3P in the IFRAME (Platform for privacy Preferences Project (P3P) specification) Cookie,firefox, Chrome does not exist for a protocol that prevents third parties from having no privacy security statement.
We know that the session is actually based on cookies. When the client establishes a session with the server for the first time, it assigns a random sessionid to the client, coexists with the client cookie, and then, in subsequent requests, brings the cookie, and if no such cookie is found on the client, the server will reassign one.
And my application structure is exactly this, that is, built-in an IFRAME embedded remote applications to achieve.
Solution:
The solution to this problem is to add the "P3P" protocol at the time of the request. So how to achieve it?
Add the following code to the frames page:
Copy Code code as follows:
<%
Resolving ie7\8 cross-domain access issues
Response.setheader ("P3P", "cp=\" IDC DSP COR ADM DEVi taii PSA PSD Ivai Ivdi The His our CONi IND "");
%>
At this point, the problem has been resolved