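If site A embeds a page from site B and obtains a Session on site B, then after navigating from site A to site B, site B's Session is lost!
The original Session cannot be retrieved.
After a colleague's persistent searching, we found a solution. The details are as follows:
http://support.microsoft.com/kb/323752/ (machine-translated, extremely poor!)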
http://support.microsoft.com/kb/323752/en-us
Session variables are lost if you use FRAMESET in Internet Explorer 6
Article ID: 323752
Last Review: April 21, 2006
Revision: 3.0
This article was previously published under Q323752
SYMPTOMS
If you implement a FRAMESET whose FRAMEs point to other Web sites on the networks of your partners or inside your network, but you use different top-level domain names, you may notice in Internet Explorer 6 that any cookies you try to set in those FRAMEs appear to be lost. This is most frequently experienced as a loss of session state in an Active Server Pages (ASP) or ASP.NET Web application. You try to access a variable in the Session object that you expect to exist, and a blank string is returned instead.
You also see this problem in a FRAMEs context if your Web pages alternate between the use of Domain Name System (DNS) names and the use of Internet Protocol (IP) addresses.
CAUSE
Internet Explorer 6 introduced support for the Platform for Privacy Preferences (P3P) Project. The P3P standard notes that if a FRAMESET or a parent window references another site inside a FRAME or inside a child window, the child site is considered third party content. Internet Explorer, which uses the default privacy setting of Medium, silently rejects cookies sent from third party sites.
RESOLUTION
You can add a P3P compact policy header to your child content, and you can declare that no malicious actions are performed with the data of the user. If Internet Explorer detects a satisfactory policy, then Internet Explorer permits the cookie to be set.
Visit the following MSDN Web site for a complete list of satisfactory and unsatisfactory policy codes:
Privacy in Internet Explorer 6
http://msdn.microsoft.com/workshop/security/privacy/overview/privacyie6.asp
A simple compact policy that fulfills these criteria follows:
P3P: CP="CAO PSA OUR"
This code sample shows that your site provides you access to your own contact information (CAO), that any analyzed data is only "pseudo-analyzed", which means that the data is connected to your online persona and not to your physical identity (PSA), and that your data is not supplied to any outside agencies for those agencies to use (OUR).
You can set this header if you use the Response.AddHeader method in an ASP page. In ASP.NET, you can use the Response.AppendHeader method. You can use the IIS Management Snap-In (inetmgr) to add to a static file.
Follow these steps to add this header to a static file:
1. Click Start, click Run, and then type inetmgr.
2. In the left navigation page, click the appropriate file or directory in your Web site to which you want to add the header, right-click the file, and then click Properties.
3. Click the HTTP Headers tab.
4. In the Custom HTTP Headers group box, click Add.
5. Type P3P for the header name, and then for the compact policy string, type CP=..., where "..." is the appropriate code for your compact policy.
Alternatively, Internet Explorer users can modify their privacy settings so that they are prompted to accept third party content. The following steps show how to modify the privacy settings:
1. Run Internet Explorer.
2. Click Tools, and then click Internet Options.
3. Click the Privacy tab, and then click Advanced.
4. Click to select the Override automatic cookie handling check box.
5. To allow ASP and ASP.NET session cookies to be set, click to select the Always allow session cookies check box.
6. To receive a prompt for any type of third party cookie, click Prompt in the Third-party Cookies list.
STATUS
This behavior is by design.
MORE INFORMATION
Steps to reproduce the behavior
1. Create a file named TestFrameset.asp.
2. Point one of the FRAMEs of the file to another computer on your network, by means of IP addresses:
   <HTML>
   <FRAMESET ROWS="100%,*">
   <FRAME src="http://111.111.111.111/testFrame.asp"></FRAME>
   <FRAME src="about:blank"></FRAME>
   </FRAMESET>
   </HTML>
3. On the remote computer, create TestFrame.asp like the following example:
   <HTML>
   <BODY>
   <%
   ' Print the stored value first, then set it for the next request.
   Response.write "Session var is " & Session("TestVar")
   Session("TestVar") = "Hello, world!"
   %>
   <FORM METHOD="POST">
   <INPUT type="submit" value="Print TestVar">
   </FORM>
   </BODY>
   </HTML>
4. Move to TestFrameset.asp, and then click Form Submission.
Notice after the submission that the Session("TestVar") entry prints as empty, although it should contain "Hello, world!".
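Added example (not part of the KB article or the original post): a Python check that reads a captured response head from the framed page and reports whether it sets a cookie without declaring a P3P compact policy, which is the case described under CAUSE. The sample response heads, the cookie value and the policyref path are constructed; a policy being present does not mean Internet Explorer rates it as satisfactory.

```python
import re

# Matches the compact-policy field of a P3P header, e.g. CP="CAO PSA OUR".
CP_RE = re.compile(r'\bCP\s*=\s*"([^"]*)"', re.IGNORECASE)

def parse_head(raw):
    """Split a raw HTTP response head into (lower-cased name, value) pairs."""
    pairs = []
    for line in raw.strip().splitlines()[1:]:      # skip the status line
        if not line.strip():
            break                                   # blank line ends the head
        name, _, value = line.partition(":")
        pairs.append((name.strip().lower(), value.strip()))
    return pairs

def audit(raw):
    """Report the cookies a response sets and the compact policy it declares."""
    pairs = parse_head(raw)
    cookies = [v.split("=", 1)[0].strip() for n, v in pairs if n == "set-cookie"]
    p3p = " ".join(v for n, v in pairs if n == "p3p")
    m = CP_RE.search(p3p)
    policy = m.group(1).split() if m else None
    if not cookies:
        status = "no-cookie"
    elif not policy:
        # No CP tokens: the case the article says IE6 (Medium) rejects when framed.
        status = "cookie-without-policy"
    else:
        # Presence only; whether the tokens are satisfactory is IE's decision.
        status = "cookie-with-policy"
    return {"cookies": cookies, "policy": policy, "status": status}

# Constructed sample response heads (not captured from a real server).
NO_POLICY = """HTTP/1.1 200 OK
Set-Cookie: ASPSESSIONIDQQGGGNCC=EXAMPLEVALUE; path=/
"""
WITH_POLICY = """HTTP/1.1 200 OK
P3P: CP="CAO PSA OUR"
Set-Cookie: ASPSESSIONIDQQGGGNCC=EXAMPLEVALUE; path=/
"""
POLICYREF_ONLY = """HTTP/1.1 200 OK
P3P: policyref="/w3c/p3p.xml"
Set-Cookie: ASPSESSIONIDQQGGGNCC=EXAMPLEVALUE; path=/
"""

if __name__ == "__main__":
    for raw in (NO_POLICY, WITH_POLICY, POLICYREF_ONLY):
        result = audit(raw)
        print(result["status"], result["cookies"], result["policy"])
```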
REFERENCES
For more information, click the following article numbers to view the articles in the Microsoft Knowledge Base:
283185 (http://support.microsoft.com/kb/283185/) How to manage cookies in Internet Explorer 6
290333 (http://support.microsoft.com/kb/290333/) Description of Platform for Privacy Preferences (P3P) project
293222 (http://support.microsoft.com/kb/293222/) The default privacy settings for Internet Explorer 6
The concrete fix is:
Modify the IIS settings of site B and set a custom header, adding "P3P: CP="CAO PSA OUR"".