IE9分离第三方请求的Cookie [英] IE9 Separate cookies for third party request

问题描述

即使我的P3P标头正确，IE9似乎仍然有第三方要求的单独列表。

Even though my P3P headers are correct, IE9 seems to hold a separate list for third party requests.

我添加了以下P3P

header('P3P:CP="NOI DSP COR CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT", policyref="http://domain/w3c/p3p.xml"')

当然正确设置了域。它由IBM工具创建。接下来，我创建了p3p xml文件，并用p3p验证测试它。

Of course with domain properly set. It's created by the IBM tool. Next to that I've created the p3p xml file and tested it with p3p validation.

一旦我调用一个测试文件，不再说明

Once I call a test file stating nothing more then

    <?php

    header ('P3P:CP="NOI DSP COR CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT", policyref="http://padrichem.ds1.nl.dev/w3c/p3p.xml"');

    session_start();

    var_dump($_COOKIE);

它说$ _COOKIE是空的，刷新，并说$ _COOKIE [PHPSESSID] ='id'

It says $_COOKIE is empty, refresh and it says $_COOKIE[PHPSESSID] = 'id'

现在我从一个远程位置调用同一个文件
它说$ _COOKIE是空的，刷新并且说$ _COOKIE [PHPSESSID] ='DIFFERENT id'

Now I call the same file from a remote location within an iframe it says $_COOKIE is empty, refresh and it says $_COOKIE[PHPSESSID] = 'DIFFERENT id'

当我禁用保护模式时，不是这样。

When I disable protected mode this isn't the case. Yet it also isn't the case on all domains.

在硬盘上，我只能找到由iFrame（第三方）调用设置的cookie。

On the harddrive I can only find the cookies set by the iFrame (third-party) call.

有人知道为什么会发生这种情况吗？

Does anyone have any idea why this would occur?

推荐答案

最有可能是因为IE在跨区域情况下处理Cookie：

You issue is most probably because of how IE treats cookies in cross-zone scenarios:

请参阅以下内容：

a href =http://stackoverflow.com/a/16330218/400011> IE9 - asp.net无法访问由第三方网站为我的域创建的Cookie
0047
在跨区域情景中小心Cookie共享

IE9 - asp.net cannot access cookie created for my domain by third party site
Beware Cookie Sharing in Cross-Zone Scenarios

这篇关于IE9分离第三方请求的Cookie的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！