框架iframe里验证码错误的问题及解决【转】
2012-7-27 9:50 Friday  

分类: PHP 标签: cookie session iframe header 页面 评论(81) 浏览(24170)

工作中遇到的问题 从本域A iframe另一个域的页面(是登录页) 验证码总是提示错误 (IE下才有问题,因为那个页要activex 所以开始没怀疑session) 经过排查确定是iframe里的页面生成的cookie是保存不住的;

测试用例如下:
A域页面代码 :
  <iframe src="http://B/p3p.php"></iframe>   

B域页面

 <?php
session_start();
if(!empty($_GET['test'])){
  var_dump($_SESSION['p3p']);
}else{
 $_SESSION['p3p'] = 'room';
 echo "<a href='?test=1'>test</a>";
 var_dump($_SESSION['p3p']);
}
?>
IE下点击IFRAME里的链接 打印出NULL
因为IE里iframe是不传输stored_cookie的
资料原文:
The problem lies with a W3C standard called Platform for Privacy Preferences or P3P for short. You can read all about the boring stuff via the link or else just install the P3P Compact Policy header below. This will allow Internet Explorer to accept your third-party cookie. You will need to send the header on every page that sets a cookie.

解决方法是输出个header

PHP:

header('P3P:CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"');

ASP.NET:

HttpContext.Current.Response.AddHeader("p3p","CP=/"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT/"");
JSP:
response.addHeader("P3P","CP=/"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT/"")

试验在设置session的地方输出header即可
 .....
  header('P3P:CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"');
  $_SESSION['p3p'] = 'room';
.....



参考:http://adamyoung.net/IE-Blocking-iFrame-Cookies

     http://www.w3.org/P3P/

 

转自 http://blog.csdn.net/vaal_water/article/details/5892623

+1 4

留下你的看法: