Use p3p header to solve the problem of session loss during IFRAME cross-origin access in IE

Use p3p header to solve the problem of session loss during IFRAME cross-origin access in IE

When integrating the client's login, or when another website uses IFRAME, especially an HTTP page, when accessing an HTTPS page, the session is often invalid!

The p3p (Platform for privacy preferences Project (p3p) Specification) protocols supported by E6/IE7 prevent third-party cookies without privacy security claims by default. Firefox does not support p3p security features yet, this problem does not occur in Firefox.

In frameset, the frame is from a third-party site (with different IP addresses or domain names). By default, ie will automatically disable cookies for these sites, that is, when requesting a URL, do not send their cookies in the HTTP header, including the session cookies. Note that the cookies set by these sites in response will still be sent to the browser.

When a user browses a. php, a.com writes the first cookie, which is embedded inIFRAMEPoint to B. php. At this time, B .com writes a third-party cookie, so it is taken out of the door by IE. Therefore, each time a user submits a cookie, it fails because the server cannot be uploaded.

Solution:
You only need to set the p3p HTTP header and set the cookie in the implicit IFRAME. They used the following content:
P3p: Cp = 'cura ADMA Deva psao psdo our bus uni pur int DEM sta pre com nav OTC Noi DSP core'

ASP directly adds a header declaration in the header to test the validity.
<% Response. addheader "p3p", "cp = CaO PSA our" %>

PHP is written as follows:
Header ('p3p: Cp = "Cura ADMA Deva psao psdo our bus uni pur int DEM sta pre com nav OTC Noi DSP cor "');

ASP. NET
InCodeAdd response. addheader ("p3p", "cp = CaO PSA our") or start ASP. NET state service in the window service.

JSP:
Response. setheader ("p3p", "cp = CaO PSA our ")