IE11 Stopped Accepting Cross-Domain Cookie Policies

Problem description

I just noticed an odd cookie policy problem that only affects IE. I could only test on IE11. Perhaps you know a workaround?

Step 1. This requires 2 domains. We'll call them cart.com and tracking.com.

Step 2. Using IE11, browse over to https://tracking.com/index.php and it should contain this:

<?php

setcookie('track_test', 'mytest', time()+60*60*24*365, '/', '.tracking.com');
?>
<p>COOKIE SET</p>
<p><a href="https://cart.com/purchase.php">Buy Now</a></p>

Step 3. Click the Buy Now in https://tracking.com/index.php and it should take you to https://cart.com/purchase.php, which should contain this:

<!-- ABOVE THIS LOOKS LIKE AN ORDINARY HTML5 PAGE THAT LOADS jQuery. -->
<script type="text/javascript">
$(document).ready(function(){

  $('BODY').append('<img alt="" width="1" height="1" src="https://tracking.com/pixel.php" />');

});
</script>

Step 4. So, viewing purchase.php should fire https://tracking.com/pixel.php, which looks like so:

<?php
file_put_contents('output.txt',var_export($_COOKIE,TRUE),FILE_APPEND);
// RETURN FAKE IMAGE RESULT
header('Content-type: image/gif');
header('p3p:CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"');
die(base64_decode('R0lGODlhAQABAJAAAP8AAAAAACH5BAUQAAAALAAAAAABAAEAAAICBAEAOw=='));

Step 5. Now, view your output.txt on the tracking.com server. You'll find it empty. That's the problem -- it can't read the cookies. There's a cookie policy restriction, even though I have sent the proper "ignore all that, my friend" cookie header.

Okay, so, if you go back and switch the pixel from Javascript to purely HTML to call that pixel, it won't work that way either. But if you call the pixel manually in the URL of your browser, it works just fine from IE. Our tracking used to work, so I believe this problem just occurred with IE11.

But here's my conundrum -- I'm working with a third-party, and they are passing some extra things to my pixel script like order total and order transaction ID via query parameters on the end of the pixel script URL, and those are only available to my script via Javascript. That's why I can't use the HTML technique to load that pixel script -- but must inject it at runtime using jQuery (or Javascript) in order to get that order total and order transaction ID.

Recommended answer

The answer is simple -- this no longer works in IE, starting with IE11. One will have to pass parameters a different way through their shopping cart in order for the receipt/thankyou page to post those parameters back properly without having cookies to be read on the receiving pixel script.

Microsoft posted information about this on their website:

https://msdn.microsoft.com/en-us/library/mt146424(v=vs.85).aspx


The recommended practice is to avoid deploying P3P privacy policies on your website.

So, if you use a fake GIF in a script with a P3P header to access a cookie set previously on the tracking domain -- it's now broken in IE11 and Microsoft doesn't care to post why or to offer another solution. There are many web advertising tracking platforms out there that rely on this, and Microsoft just broke them.
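
The cookie-free approach the answer describes, as an added example that is not part of the original question or answer: the receipt page reads an identifier carried through the cart in its own URL and passes it to the pixel as a query parameter. It assumes the link from tracking.com appends a `tid` value that the cart preserves through to the receipt page; `tid`, `txn`, `total` and the function names are hypothetical.

```javascript
// Added example (ES5, so it also runs in IE11). `tid`, `txn` and `total`
// are hypothetical parameter names, not taken from the original post.
var PIXEL_ENDPOINT = 'https://tracking.com/pixel.php';
var TOKEN_RE = /^[A-Za-z0-9_-]{1,64}$/;      // short opaque identifiers only
var AMOUNT_RE = /^\d{1,9}(\.\d{1,2})?$/;     // e.g. 49.95

// Read one parameter from location.search; null if absent or malformed.
function getQueryParam(search, name) {
  var pairs = search.replace(/^\?/, '').split('&');
  for (var i = 0; i < pairs.length; i++) {
    var eq = pairs[i].indexOf('=');
    var key = eq === -1 ? pairs[i] : pairs[i].slice(0, eq);
    if (key !== name) continue;
    try {
      return decodeURIComponent(eq === -1 ? '' : pairs[i].slice(eq + 1));
    } catch (e) {
      return null; // invalid percent-encoding
    }
  }
  return null;
}

// Build the pixel URL from the receipt page's query string and order data.
// Returns null when any value fails validation, so nothing is sent.
function buildPixelUrl(search, order) {
  var tid = getQueryParam(search, 'tid');
  var txn = String(order.txn);
  var total = String(order.total);
  if (tid === null || !TOKEN_RE.test(tid)) return null;
  if (!TOKEN_RE.test(txn) || !AMOUNT_RE.test(total)) return null;
  return PIXEL_ENDPOINT +
    '?tid=' + encodeURIComponent(tid) +
    '&txn=' + encodeURIComponent(txn) +
    '&total=' + encodeURIComponent(total);
}

// Insert the pixel through DOM properties rather than an HTML string.
function firePixel(doc, pixelUrl) {
  if (pixelUrl === null) return false;
  var img = doc.createElement('img');
  img.alt = '';
  img.width = 1;
  img.height = 1;
  img.src = pixelUrl;
  doc.body.appendChild(img);
  return true;
}
```

On purchase.php this would be called as `firePixel(document, buildPixelUrl(window.location.search, order))`, and pixel.php would then read the values from `$_GET` instead of `$_COOKIE`.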
