If the iframe in IE refers to the cross domain site page, the session fails

Problem scenario:

Personal confidence page through the IFrame nested third party page, domain name is different, call the third party interface, in Chrome test normal, in Internet Explorer is embedded in the page Session invalidation. (Session is based on cookie implementation, reference page is not allowed to use cookie)

Problem analysis:

The IE-supported P3P(Platform for Privacy Preferences Project (P3P) Specification) protocol by default prevents third party cookies without Privacy security claims, and Firefox does not currently support P3P security features, nor does it naturally exist in Firefox.


1. Modify the setting of the Client
so that the Client can accept cookies from any website (specifically set in the privacy page of IE option to add B site to the trusted site)
or set both domains to the trusted site

2. The domain of the application modifies the
simple scheme: two applications use the same domain
Complex solution: you can force changes to

through setdomain in pages loaded by the iframe. 3. P3P
first: output the host header declaration of P3P in the content to be embedded (the site the iframe points to) as follows:
Open IIS Manager InetMgr to be embedded in the iFrame source site or directory, right-click to open the Properties box and toggle to HTTP headers Add custom HTTP headers P3P Custom HTTP headers CP=”CAO PSA OUR” Close the properties box and exit, effective immediately
Response.addheader (“P3P”,”CP=CAO PSA OUR”);

Transfer: https://www.cnblogs.com/weibozeng/archive/2013/11/06/3410904.html

Read More: