// http://www.a.com/a_setcookie.php file content:
setcookie("test", "testval", time() + 3600, "/", ".a.com");
// http://www.a.com/a_getcookie.php file content:
var_dump($_COOKIE);
/*-----------------------------------------------------------------------
http://www.b.com/b_setcookie.php file content:
Access through a browser:
http://www.b.com/b_setcookie.php
http://www.a.com/a_getcookie.php
After accessing the b.com domain, we did not find the cookie value in the a.com domain.
Change the file http://www.a.com/a_setcookie.php to the following:
Get married with python and fall out of favor (Python)
I first came to know Python through my exposure to 3D printing. After a period of learning about 3D printing, I learned that Cura, the industry's most famous open-source slicing software, was built using Python and wxPython. Because our company uses the open-source slicing software Cura and wants to own its own slicing software, we decided to
of a user, because most of the websites browsed by this user may be customers of this service provider, and they share a cookie.
Browser settings

| Browser | Third-party cookies supported by default | DNT settings | How to block third-party cookies |
|---|---|---|---|
| Chrome | Yes | Settings - Send "Do Not Track" requests with the browser | Settings - Content settings - Block third-party cookies and website data |
| Firefox | Yes | Options - Privacy - this website is not required to | |
domain (a domain name)
* If empty, empty processing
* */
function setckAction() {
    $CLR = $this->_request->getParam("CLR");
    // Empty string when CLR is set, otherwise the URL-encoded login cookie
    $bts_user = ($CLR) ? '' : urlencode($_COOKIE['bts_logged_user']);
    $this->view->assign("Bts_user", $bts_user);
}
/**
* Provided to the BSTV domain, get the current domain (a domain name) cookies and session
* Return the script variable to the BSTV browser end
* */
function getckAction() {
    header('P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS
:25 GMT
Content-Type: text/html
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/5.3.29
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Set-Cookie: APE__SESSION=K44G3EKLSERT1FGBJHL061L4F4; path=/; domain=.apelearn.com
Expires: Thu, 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
[[email protected] vhost]# curl ask.apelearn.com -i    // Direct connect
the site.
The following is an example of PHP using the P3P header to set a cookie across domains:
http://www.a.com/a_setcookie.php File Contents:
http://www.a.com/a_getcookie.php File Contents:
http://www.b.com/b_setcookie.php File Contents:
Access via browser:
http://www.b.com/b_setcookie.php
http://www.a.com/a_getcookie.php
After accessing the b.com domain, we did not find the cookie value set on the a.com domain.
At this point, if you change the contents o
other browsers. Therefore, when you use IE to access, you will always jump to the logon page.
It should be noted that the third-party systems here are placed on our own servers, but all source code is encrypted!
Finally, I checked the relevant information and found that IE, to ensure security, blocks the use of an IFRAME to generate a third-party domain cookie. To solve this problem, MS requires only that the P3P header be set in the HTTP header to generate a third-party cookie throug
(in C:\WINDOWS\system32\drivers\etc\hosts)
127.0.0.1 www.a.com
127.0.0.1 www.b.com
First, create the a_setcookie.php file with the following content:
// header('P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"');
setcookie("test", $_GET['id'], time() + 3600, "/", ".a.com");
Then, create the a_getcookie.php file with the following content:
var_dump($_COOKIE);
Finally, create the b_setcoo
own code. The code in this uc.php callback file does not have to follow their format; you can also write your own code. For example, I'm doing a synchronous login based on the session.
The code is as follows:
function synlogin($get, $post) {
    $uid = $get['uid'];
    $username = $get['username'];
    // Refuse the callback when synchronous login is disabled
    if (!API_SYNLOGIN) {
        return API_RETURN_FORBIDDEN;
    }
    header('P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI
First, I used Redis and P3P technology here. Of course, any NoSQL store will do.
Impersonate a client that accesses a login.php:
session_start();
$Get = $_GET;
if ($Get['uname'] == 'FTT' && $Get['Pass'] == '123') {
    // A token derived from rand() is predictable; a real session token needs a CSPRNG such as random_bytes()
    $token = md5(rand());
    $_SESSION['User'] = 'FTT';
    $_SESSION['IsLogin'] = 1;
    // Store the session under the token so the other domain can look it up
    save_redis($token, json_encode($_SESSION));
    header('P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"');
    $file .= '';
    echo $file;
} else {
    echo '
user submits a cookie, it fails because the server cannot be uploaded.
Solution:
You only need to set the P3P HTTP header and set the cookie in the hidden IFRAME. They used the following content:
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
ASP directly adds a header declaration in the header to test the validity.
PHP is written as follows:
header('P3P: CP="
loading the destination Web site, but only IE enforces the policy.
For example, the evil domain loads the Foo domain through a script or IFRAME. When loading, the question is whether the browser will allow the Foo domain to set its own cookie, and whether requests sent to the Foo domain will carry the cookies that already exist for the Foo domain.
These are the two scenarios the P3P policy covers, setting and sending, and the policy differs between them:
1. Set cookies
Under IE, the default is not to a
Cross-origin session problems:
Java:
Add the following to the EncodingFilter.java file in the servlet:
Code:
HttpServletResponse res = (HttpServletResponse) sresponse;
res.setHeader("P3P", "CP=CAO PSA OUR");
It's just the strange symbol above. I found it online. It's exhausting.
Thanks to the above brothers.
---
You may not be able to use the HTTP protocol when you are free, but you still need to know the root cause of the problem.
For example, P3P
http://msdn2.microsoft.com/en-us/library/ms5373
Author: finalbsd
Original: http://www.sanotes.net/html/y2008/164.html
Copyright. The author and original source and this statement must be indicated in the form of links during reprinting.
I read an article about it on the Internet. It seems cool to use P3P to complete cross-origin cookie operations, but no source code is provided. Let's take a look at the actual work.
I only write a rough one. For the convenience of testing, edit the hosts file and add the test domain