问题:
I have two websites, let's say they're example.com
and anotherexample.net
. 我有两个网站,假设他们是example.com
和anotherexample.net
。 On anotherexample.net/page.html
, I have an IFRAME SRC="http://example.com/someform.asp"
. 在anotherexample.net/page.html
,我有一个IFRAME SRC="http://example.com/someform.asp"
。 That IFRAME displays a form for the user to fill out and submit to http://example.com/process.asp
. IFRAME显示一个表单供用户填写并提交到http://example.com/process.asp
。 When I open the form (" someform.asp
") in its own browser window, all works well. 当我在自己的浏览器窗口中打开表单(“ someform.asp
”)时,一切正常。 However, when I load someform.asp
as an IFRAME in IE 6 or IE 7, the cookies for example.com are not saved. 但是, 当我在IE 6或IE 7 someform.asp
加载为IFRAME时,example.com的cookie不会保存。 In Firefox this problem doesn't appear. 在Firefox中,此问题不会出现。
For testing purposes, I've created a similar setup on http://newmoon.wz.cz/test/page.php . 出于测试目的,我在http://newmoon.wz.cz/test/page.php上创建了类似的设置。
example.com
uses cookie-based sessions (and there's nothing I can do about that), so without cookies, process.asp
won't execute. example.com
使用基于cookie的会话(我无能为力),所以没有cookie, process.asp
将不会执行。 How do I force IE to save those cookies? 如何强制IE保存这些cookie?
Results of sniffing the HTTP traffic: on GET /someform.asp response, there's a valid per-session Set-Cookie header (eg Set-Cookie: ASPKSJIUIUGF=JKHJUHVGFYTTYFY
), but on POST /process.asp request, there is no Cookie header at all. 嗅探HTTP流量的结果:在GET /someform.asp响应中,有一个有效的每会话Set-Cookie头(例如Set-Cookie: ASPKSJIUIUGF=JKHJUHVGFYTTYFY
),但在POST /process.asp请求中,没有Cookie头一点都不
Edit3: some AJAX+serverside scripting is apparently capable to sidestep the problem, but that looks very much like a bug, plus it opens a whole new set of security holes . Edit3:一些AJAX +服务器端脚本显然能够回避这个问题,但这看起来非常像一个bug,而且还会打开一组全新的安全漏洞 。 I don't want my applications to use a combination of bug+security hole just because it's easy. 我不希望我的应用程序使用bug +安全漏洞的组合只是因为它很容易。
Edit: the P3P policy was the root cause , full explanation below. 编辑: P3P政策是根本原因 ,下面有完整的解释。
解决方案:
参考一: https://en.stackoom.com/question/1dJY参考二: https://stackoom.com/question/1dJY