loading the destination Web site, but IE only executes the policy. For example, the evil domain loads the Foo domain through script or an IFRAME. When loading, the question is whether the browser will allow the Foo domain to set its own cookie, or whether it will allow requests sent to the Foo domain to carry the Foo domain's existing cookies. Here are the two scenarios in which the P3P policy is set up and sent; the P3P policy differs between them:
1. Set Cookies
Under IE, the default is not to a
Cross-origin session problems:
Java:
Add the following to the EncodingFilter.java file in the servlet:
Code:
HttpServletResponse res = (HttpServletResponse) sresponse;
res.setHeader("P3P", "CP=\"CAO PSA OUR\"");
It's just the strange symbol above. I found it online. It's exhausting. Thanks to the brothers above.
---
You may not be able to use the HTTP protocol when you are free, but you still need to know the root cause of the problem. For example, P3P: http://msdn2.microsoft.com/en-us/library/ms5373
Author: finalbsd. Original: http://www.sanotes.net/html/y2008/164.html. Copyright: the author, the original source and this statement must be indicated in the form of links when reprinting.
I read an article about it on the Internet. It seems cool to use P3P to complete cross-origin cookie operations, but no source code was provided. Let's take a look at how it actually works.
I have only written a rough version. For convenient testing, edit the hosts file and add the test domain
By setting the P3P header in the HTTP response headers, you can generate a third-party cookie through an IFRAME.
In PHP, the P3P header is set as follows:
header('P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"');
Note: the P3P header must be added to the file on the third-party domain that generates the cookie; only then does it take effect, otherwise it is useless.
There is a problem here: the third-party s
/a_getcookie.php file contents:
var_dump($_COOKIE);
/*-----------------------------------------------------------------------
http://www.b.com/b_setcookie.php file contents:
Access via browser: http://www.b.com/b_setcookie.php
After accessing the b.com domain and then http://www.a.com/a_getcookie.php, we find that the cookie value was not set in the a.com domain.
Change the contents of the http://www.a.com/a_setcookie.php file to read as follows:
-------------------------------------
access to cookies for IFRAME. Example: P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Set-Cookie
Role: a very important header, used to send cookies to the client browser; each cookie write generates a Set-Cookie. For example: Set-Cookie: sc=4c31523a; path=/; Domain=.acookie.taobao.com
Entity header field
ETag
Function: used in conjunction with If-None-Match (see the If-None-Match examples in the request section). For example:
is updated. Use the local cache before it expires. HTTP/1.1 clients and caches treat an illegal date format (including 0) as expired. For example, to stop the browser caching a page, we can also set the Expires entity header field to 0. For example: Expires: Tue, 2022 11:35:14 GMT
P3P
Role: used to set cookies across domains, which resolves the problem of an IFRAME accessing cookies cross-domain. For example: P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PU
, this part of the change will not cause a page refresh. The parent window can freely access the URL of the IFRAME, and the IFRAME can also freely access the parent window's URL, so communication can be realized by changing the fragment identifier. The disadvantage is that changes to the fragment identifier produce unnecessary history records, have length limitations, and some browsers do not support the onhashchange event.
Cross Frame (CF)
This method is a variant of the FIM method above; the nature of CF and FIM is actually described in my "GWT First Experience" article (where it is just used to implement history and rewind). It dynamically creates an invisible IFrame pointing to a foreign domain, and after processing, the fragment identifier in this iframe's URL contains proc
the session is not passed normally in actual development.
The scenario for reproducing the problem is:
1. Visit a site first: http://192.168.18.2/test.jsp
The test.jsp code is as follows:
sso.jsp reads the ssoinfo that was passed in, calls the ISMP authentication interface in return, generates a session, and then puts the specified property value into the session:
session.setAttribute("Ssous
Sometimes it is not possible to pass parameters on the URL, for example when calling an interface on an open platform; such cases may need to be handled with cookies, but that can involve cross-domain issues.
If the browser has cookie support enabled, then according to the cookie RFC it should:
1. Allow a minimum of 300 cookies to be set;
2. Allow at least 20 cookies per domain (IE7/8: 50, FF: 50, Opera: 30);
3. Allow at least 4095 bytes per cookie (Opera: 4096 bytes; FF, Safari: 4097 bytes).
The test example us
/index.html in the browser. The request message sent by the browser contains the Host request header, as follows:
Host: http://www.guet.edu.cn
The default port number 80 is used here; if a port number is specified, the Host header carries that port number.
HTTP Response Header
Also use Fiddler to view the response headers: click the Inspectors tab -> Response tab -> Headers, as shown. We also classify the headers according to Fiddler, so that they are clearer and easier to remember.
Cache header field
Date
Role: the exact time and date of message generation. Example: Date: Sat, 11:35:14 GMT
Expires
Role: The bro
\class_user.php file. The synlogin($user) function in that file is used to notify a synchronous login. Is it similar to UCenter?
Okay, add our login code to the synlogin function, for example the edoog WITKEY login code:
function synlogin($user) {
    global $timestamp, $uc_key;
    list($winduid, $windid, $windpwd) = explode("\t", $this->base->strcode($user, false));
    header('P3P: CP="CURa ADMa DEVa PSAo PSD
The problem I encountered during development was that an IFRAME on a page created by a colleague needed to be redirected to my address, with the verification code attached to the URL. During verification, I needed to obtain the login information from his session. The result was that the IFRAME could reach the first action, but the action in another IFRAME on my page could not get the value from the session; the session of the outermost page was not found.
Solution: Add a header to the correspondi