Solution on how Iframe can access Cookie and Session across domains
Recently, I have been integrating the login system. One of the most critical problems I encountered is the need for barrier-free access to another system's back end from a unified back end. That system is an encrypted system provided by a third party. Its back-end automatic login interface was worked out by analysis and is not provided separately. When logging in from the unified back end through the automatic login interface, the system jumps directly to its own back-end home page. The URL it jumps to after a successful back-end login cannot be specified here and cannot be controlled. What we need is for the unified back end to link to other pages of that system's back end instead of its default home page; that is to say, the menu functions of the third-party system's back end will be placed in our unified back end.
This need raises a problem. To access the back-end pages of the third-party system normally, the user must already be logged in to that system, otherwise the user will be prompted to log in. So when these menu links are clicked, the system must already be logged in.
To solve this problem, an invisible iframe is added to the head of the page, pointing to the automatic login interface. If this interface is accessed normally through the browser address bar, it jumps to the system's back-end home page once the username and password are verified. Since it is now placed in an invisible IFRAME, the jump has no impact on the current back-end page. According to my design, the system should have been usable normally.
But, since we said "but", it means we must have encountered a problem, otherwise there would not have been such a big turning point here.
Because each system here is a separate system with a different domain name, the Iframe cannot generate the third-party system's cookies normally in IE, although they can be generated in Firefox and other browsers. So when accessed with IE, it always jumps to the login page.
It needs to be explained here that the third-party system is placed on our own server, but all of its source code is encrypted!
After finally checking the relevant information, I found that IE, for the sake of security, blocks the generation of COOKIEs for third-party domains through an IFRAME. To solve this problem, MS stipulates that as long as the P3P header is set in the HTTP headers, an IFRAME can be used to generate third-party COOKIEs.
In PHP, the P3P header is set as follows:
header('P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"');
Note: The P3P header needs to be added to the file that generates the cookies in the third-party domain to take effect, otherwise it will not help.
There is another problem here. The COOKIE of the third-party system is generated in a back-end page called admin.php, and this page is encrypted. What should I do? After I had thought about it for a long time, my colleague finally came up with the idea that we could include it in our own file. Damn, this method is so wonderful. Why didn't I think of it? My colleague is so talented and I admire him so much. Of course, I was not the only one: according to him, he also admired himself that night.
So the final solution is to rename the original admin.php file to admin_2.php, and then create a new admin.php. In this new file, add the P3P header mentioned above and then include the admin_2.php file. The final code is as follows:
<?php
// Send the P3P header before admin_2.php produces any output or cookies.
header('P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"');
include "admin_2.php";
Finally, the problem is completely solved!
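As the note above says, the P3P header only helps on the response that actually sets the cookie. The following check is an added example, not code from the original post: it takes a flat list of response headers for a login-then-redirect chain and reports each response that sets a cookie without a P3P compact policy. The function names and the sample headers are constructed for illustration.

```php
<?php
// Added example; function names are hypothetical and $sample is constructed.

// Split a flat header list (the shape get_headers() returns) into one record per response.
function split_responses(array $lines): array
{
    $responses = [];
    foreach ($lines as $line) {
        if (preg_match('#^HTTP/\d(?:\.\d)?\s+(\d{3})#', $line, $m)) {
            // A status line starts a new response in the redirect chain.
            $responses[] = ['status' => (int) $m[1], 'cookies' => [], 'p3p' => null];
            continue;
        }
        if (!$responses || strpos($line, ':') === false) {
            continue; // not a header line
        }
        [$name, $value] = explode(':', $line, 2);
        $last = count($responses) - 1;
        if (strcasecmp(trim($name), 'Set-Cookie') === 0) {
            $responses[$last]['cookies'][] = trim(explode('=', $value, 2)[0]);
        } elseif (strcasecmp(trim($name), 'P3P') === 0) {
            $responses[$last]['p3p'] = trim($value);
        }
    }
    return $responses;
}

// Return every response that sets a cookie without a P3P compact policy (CP="...").
function cookies_without_p3p(array $lines): array
{
    $missing = [];
    foreach (split_responses($lines) as $i => $r) {
        $hasCp = $r['p3p'] !== null && preg_match('/\bCP\s*=\s*"[^"]+"/i', $r['p3p']) === 1;
        if ($r['cookies'] && !$hasCp) {
            $missing[] = ['response' => $i, 'status' => $r['status'], 'cookies' => $r['cookies']];
        }
    }
    return $missing;
}

// Constructed case: the login response sets the cookie, but only the home page sends P3P.
$sample = [
    'HTTP/1.1 302 Found',
    'Set-Cookie: PHPSESSID=constructed123; path=/',
    'Location: /index.php',
    'HTTP/1.1 200 OK',
    'P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"',
];
print_r(cookies_without_p3p($sample));
```

For the sample it reports response 0 (the 302 that sets PHPSESSID), which is the case where the header was added to the wrong file.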
The title here is about COOKIE and SESSION. In essence, they are basically the same thing. A SESSION is ultimately also stored by way of a COOKIE: the SESSION_ID is saved to a COOKIE, and the corresponding SESSION data is then looked up on the server through this SID. If the SESSION_ID COOKIE is deleted, the SESSION becomes invalid.