在iframe 嵌入跨域网站时,session丢失问题其根源也是由于iframe跨站点cookie被阻导致session失效。如果两个站点都是相同的父域名就没有这个问题。
问题原因:
IE6/IE7支持的P3P(Platform for Privacy Preferences Project (P3P) specification)协议默认阻止第三方无隐私安全声明的cookie,Firefox目前还不支持P3P安全特性,firefox中自然也不存在此问题了。Mircosoft对此的具体描述可以参见 Privacy in Internet Explorer 6
解决方法:
A、Rails
before_filter :send_header def send_header response.headers['P3P'] = 'CP="CAO PSA OUR"' end B、IIS
1.打开IIS管理器 inetmgr2.选择被嵌入iframe源站点或者目录,右键点击打开属性框3.切换到HTTP头4.添加5.自定义HTTP头名: P3P6.自定义HTTP头值: CP=”CAO PSA OUR”7.关闭属性框退出,即刻生效
至于上面CAO PSA OUR的具体意思,请参考文章:Privacy in Internet Explorer 6
Rails and IFrames - Issues with Internet Explorer sessions While using our new Share-It iframe for a project we came across a strange session issue with internet explorer that was tough to track down a solution to. Basically we were loading an iframe with some parameters that were saved in a session, this worked fine on all browsers except for internet explorer. Every request had a new session id, so the issue had to be with the cookies. As it turns out using an iframe from a different domain name is considered "third-party" and IE blocks the cookies unless.... You set this ( P3P compact policy ) response header. P3P: CP="CAO PSA OUR"more details about the header and what it means can be found here. you can easily do this in a controller using this call in a before filter with this line: response.headers['P3P'] = 'CP="CAO PSA OUR" Since the issue was harder to find a solution to than it should have been we decided it would make a good first development post from the Sympact team. Expect More...
相关资源:敏捷开发V1.0.pptx
