問題:
I have two websites, let's say they're example.com
and anotherexample.net
. 我有兩個網站,假設他們是example.com
和anotherexample.net
。 On anotherexample.net/page.html
, I have an IFRAME SRC="http://example.com/someform.asp"
. 在anotherexample.net/page.html
,我有一個IFRAME SRC="http://example.com/someform.asp"
。 That IFRAME displays a form for the user to fill out and submit to http://example.com/process.asp
. IFRAME顯示一個表單供用戶填寫並提交到http://example.com/process.asp
。 When I open the form (" someform.asp
") in its own browser window, all works well. 當我在自己的瀏覽器窗口中打開表單(“ someform.asp
”)時,一切正常。 However, when I load someform.asp
as an IFRAME in IE 6 or IE 7, the cookies for example.com are not saved. 但是, 當我在IE 6或IE 7 someform.asp
加載爲IFRAME時,example.com的cookie不會保存。 In Firefox this problem doesn't appear. 在Firefox中,此問題不會出現。
For testing purposes, I've created a similar setup on http://newmoon.wz.cz/test/page.php . 出於測試目的,我在http://newmoon.wz.cz/test/page.php上創建了類似的設置。
example.com
uses cookie-based sessions (and there's nothing I can do about that), so without cookies, process.asp
won't execute. example.com
使用基於cookie的會話(我無能爲力),所以沒有cookie, process.asp
將不會執行。 How do I force IE to save those cookies? 如何強制IE保存這些cookie?
Results of sniffing the HTTP traffic: on GET /someform.asp response, there's a valid per-session Set-Cookie header (eg Set-Cookie: ASPKSJIUIUGF=JKHJUHVGFYTTYFY
), but on POST /process.asp request, there is no Cookie header at all. 嗅探HTTP流量的結果:在GET /someform.asp響應中,有一個有效的每會話Set-Cookie頭(例如Set-Cookie: ASPKSJIUIUGF=JKHJUHVGFYTTYFY
),但在POST /process.asp請求中,沒有Cookie頭一點都不
Edit3: some AJAX+serverside scripting is apparently capable to sidestep the problem, but that looks very much like a bug, plus it opens a whole new set of security holes . Edit3:一些AJAX +服務器端腳本顯然能夠迴避這個問題,但這看起來非常像一個bug,而且還會打開一組全新的安全漏洞 。 I don't want my applications to use a combination of bug+security hole just because it's easy. 我不希望我的應用程序使用bug +安全漏洞的組合只是因爲它很容易。
Edit: the P3P policy was the root cause , full explanation below. 編輯: P3P政策是根本原因 ,下面有完整的解釋。
解決方案:
參考一: https://en.stackoom.com/question/1dJY參考二: https://stackoom.com/question/1dJY