
How to solve the problem of session loss caused by the cross-domain of iframe under IE in PHP

2025-01-16 Update From: SLTechnology News&Howtos shulou

Shulou(Shulou.com)06/03 Report--

This article looks at how to solve the session loss caused by a cross-domain iframe under IE in PHP. The method introduced here is simple, fast and practical.

Today, a login page was embedded by other websites in an iframe, and it was impossible to log in (this only happens in IE).

Obviously, the session cannot be saved. But if I just open the login page from the address bar, everything is fine. That's weird.

I did a search on the Internet and found that this problem has indeed been mentioned by many people. The final solution is to add the following code to that login page:

The code is as follows:

header('P3P: CP="ALL ADM DEV PSAi COM OUR OTRo STP IND ONL"'); // send the P3P compact policy first

session_start(); // then start the session

Maybe this problem has something to do with the fact that my login page uses a JavaScript location jump. But I have not tested or researched it in depth.

Yesterday, the time diary I made on campus finally went online. More than 80 users installed it on the first day of launch, but I received feedback from many users that the application was not available. I had previously developed it on Firefox (presumably the school staff also audited it with Firefox), but when I tested with IE7, I found that none of the pages except the home page could be opened properly.

After looking up a lot of material on the Internet, I found that IE7 has the following problem: if a page contains one or more iframe sub-pages, creating a session in the sub-pages may fail, so session data cannot be shared with other pages. When developing campus or 51 applications that use an iframe, you are likely to encounter this problem. It only exists in IE7 browsers; I tested it in Firefox, IE6 and Chrome without problems.

The solution is: before running session_start, add the following statement to the program (taking PHP as an example) to roughly declare the security level to the browser, so that the iframe sub-page will not have a problem when creating the session:

header('P3P: CP="ALL ADM DEV PSAi COM OUR OTRo STP IND ONL"');

In addition, I also learned that if the second-level domain name contains an underscore, such as your_domain.yourhost.com, there may also be problems in establishing and passing session.

A few thoughts:

1) After many years, the issue of browser compatibility has still not been completely solved, and IE browsers are still so painful for developers.

2) Before releasing an application, you must carry out rigorous browser compatibility testing, otherwise you may lose the application's first batch of users.

=

Resolve the problem that jsessionid can not be delivered in iframe resulting in loss of session

SSO is needed to implement the ISMP2.1.1 interface, and the interface defined in ISMP needs to call the SSO interface in embedded pages such as an iframe. In actual development, it was found that the session cannot be passed normally.

The scenario in which the problem is reproduced is:

1. Visit site a first: http://192.168.18.2/test.jsp

The code for test.jsp is:

The code is as follows:

618119.com

sso.jsp reads the passed ssoinfo and calls back the ISMP authentication API.

It generates a session and stores the specified attribute value:

session.setAttribute("ssoUser", "lizongbo");

The page is then redirected to http://192.168.18.3/iframe.jsp:

response.sendRedirect("/iframe.jsp");

If you read the attribute value of ssoUser in session in iframe.jsp, you will find that it cannot be read.

2. If you visit the page of 192.168.18.3 first, and then visit the page of 192.168.18.2, the iframe embedding at this time can pass the generated jsessionid Cookie.

Therefore, the solutions are:

a. Add jsessionid.

For example, redirect with response.sendRedirect("/iframe.jsp;jsessionid=lizongbo")

In this case, if the URLs of the other links in the iframe.jsp page do not carry jsessionid, the session still cannot be passed on; instead, client-side JS has to rewrite the href attribute of each hyperlink to add jsessionid. A session ID carried in the URL also ends up in browser history, server logs and Referer headers.

b. Set the P3P header in sso.jsp

For example, P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"

Or P3P: CP="CAO PSA OUR"

The Java code is:

response.addHeader("P3P", "CP=\"CAO PSA OUR\"");
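To confirm that a framed page really sends the header both write-ups rely on, the following added example (not code from the original articles) parses a raw response header block and reports whether a session cookie is set without a well-formed P3P compact policy. The sample responses are constructed, and the cookie names PHPSESSID and JSESSIONID are assumed to be the unchanged PHP and servlet defaults.

```python
import re

# Default session cookie names for PHP and Java servlets (assumed; adjust if renamed).
SESSION_COOKIES = {"PHPSESSID", "JSESSIONID"}

def parse_headers(raw):
    """Return (lower-cased name, value) pairs from a raw response header block."""
    pairs = []
    for line in raw.strip().splitlines()[1:]:  # skip the status line
        if not line.strip():
            break  # a blank line ends the header block
        name, _, value = line.partition(":")
        pairs.append((name.strip().lower(), value.strip()))
    return pairs

def compact_policy(headers):
    """Return the tokens of P3P CP="...", or None when no usable CP is present."""
    for name, value in headers:
        if name == "p3p":
            match = re.search(r'CP\s*=\s*"([^"]*)"', value, re.IGNORECASE)
            if match and match.group(1).split():
                return match.group(1).split()
    return None

def audit(raw):
    """Classify a response: is a session cookie set without a P3P compact policy?"""
    headers = parse_headers(raw)
    cookies = {v.split("=", 1)[0].strip().upper() for n, v in headers if n == "set-cookie"}
    if not cookies & SESSION_COOKIES:
        return "no-session-cookie"
    if compact_policy(headers):
        return "ok"
    has_p3p = any(n == "p3p" for n, _ in headers)
    return "malformed-p3p" if has_p3p else "missing-p3p"

# Constructed sample responses (not captured from any real site).
OK = 'HTTP/1.1 200 OK\nP3P: CP="CAO PSA OUR"\nSet-Cookie: JSESSIONID=constructed1; Path=/\n\n'
MISSING = "HTTP/1.1 200 OK\nSet-Cookie: PHPSESSID=constructed2; path=/\n\n"
MALFORMED = 'HTTP/1.1 200 OK\nP3P: "CAO PSA OUR"\nSet-Cookie: JSESSIONID=constructed3\n\n'

if __name__ == "__main__":
    for label, raw in (("ok", OK), ("missing", MISSING), ("malformed", MALFORMED)):
        print(label, "->", audit(raw))
```

A result of "ok" only means the header is present and carries a CP value; it does not evaluate the policy tokens themselves.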
