The solution to the problem of cross-domain and session failure of IFRAME _ practical skills

Source: Internet
Author: User

What is cross domain cross-domain Session/cookie?

Which is the third party Session/cookie. The first party Session/cookie refers to the Seesion/cookie of the browser settings that visitors currently visit to the Web site, which are stored on the guest's computer. Third party Session/cookie refers to the Web site that is currently visited that will load (embed) another third party code, such as promotional ads, then Third-party Web sites will also be added to the guest's computer Session/cookie, this is the third party Session/cookie.

My question.

In the development of information online products (http://iap.pgia.net) to test the compatibility of various browsers, found that IE browser (v7\8) can not log in (always prompted to verify code mismatch error), and other browsers do not have this problem (Firefox, Baidu, etc.). So you can conclude that this has nothing to do with browsers.

Preliminary analysis:

The discovery, in the use of IE browser (v7\8) Access, server-side logs show SessionID has been changing, each request will produce a new sessionid.

This is clearly the only reason why you cannot log on, and you can log on correctly if you resolve this issue.

In-depth analysis:

Why in IE browser (v7\8) will appear this kind of situation, Baidu understand after know:

For privacy reasons, IE will lose the COOKIE,IE6/IE7 supported P3P in the IFRAME (Platform for privacy Preferences Project (P3P) specification) Cookie,firefox, Chrome does not exist for a protocol that prevents third parties from having no privacy security statement.

We know that the session is actually based on cookies. When the client establishes a session with the server for the first time, it assigns a random sessionid to the client, coexists with the client cookie, and then, in subsequent requests, brings the cookie, and if no such cookie is found on the client, the server will reassign one.

And my application structure is exactly this, that is, built-in an IFRAME embedded remote applications to achieve.

Solution:

The solution to this problem is to add the "P3P" protocol at the time of the request. So how to achieve it?

Add the following code to the frames page:

Copy Code code as follows:

<%
Resolving ie7\8 cross-domain access issues
Response.setheader ("P3P", "cp=\" IDC DSP COR ADM DEVi taii PSA PSD Ivai Ivdi The His our CONi IND "");
%>

At this point, the problem has been resolved

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.