All geek questions in one place

Cookies inside script-tag include cross-domain

So, I have this page on one domain with a script -tag pointing to a different domain, and every time I refresh the page, a new session_id is generated. This only happens in IE, all other browsers work.

Here is a sample code (JS and PHP)

http://domain1.com/index.php :

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>Untitled Document</title> <script src="http://domain2.com/index.php"></script> </head> <body> </body> </html>

And at http://domain2.com/index.php :

 <?php session_start(); header("content-type: application/x-javascript"); echo "alert('".session_id()."');"; ?>

Open Chrome or Firefox in the domain1.com/index.php domain and you will see a warning window with a session ID. Every time you update, you always have the same session id. In IE (I tried with 7, 8, and 9), the session id is always different. Cookies do not seem to be saved properly.

Thanks for any help.

+6
source share
1 answer

For documentation purposes, a solution has been found here:

I created a p3p file with the IBM P3P policy editor (p3p and CP file) uploaded the files to the / w 3c folder and added the following header to the file on domain2.com P3P: CP = "contents from file generated by CP"

+2
source

Source: https://habr.com/ru/post/898710/

More articles:


All Articles