P3P Header is present:

CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"

Compact Policy token is present. A trailing 'o' means opt-out, a trailing 'i' means opt-in.

CURa

Information is used to complete the activity for which it was provided.

ADMa

Information may be used for the technical support of the Web site and its computer system.

DEVa

Information may be used to enhance, evaluate, or otherwise review the site, service, product, or market.

PSAo

Information may be used to create or build a record of a particular individual or computer that is tied to a pseudonymous identifier, without tying identified data (such as name, address, phone number, or email address) to the record. This profile will be used to determine the habits, interests, or other characteristics of individuals for purpose of research, analysis and reporting, but it will not be used to attempt to identify specific individuals. 

PSDo

Information may be used to create or build a record of a particular individual or computer that is tied to a pseudonymous identifier, without tying identified data (such as name, address, phone number, or email address) to the record. This profile will be used to determine the habits, interests, or other characteristics of individuals to make a decision that directly affects that individual, but it will not be used to attempt to identify specific individuals.

OUR

We share information with ourselves and/or entities acting as our agents or entities for whom we are acting as an agent.

BUS

Info is retained under a service provider's stated business practices. Sites MUST have a retention policy that establishes a destruction time table. The retention policy MUST be included in or linked from the site's human-readable privacy policy.

UNI

Non-financial identifiers, excluding government-issued identifiers, issued for purposes of consistently identifying or recognizing the individual. These include identifiers issued by a Web site or service.

PUR

Information actively generated by the purchase of a product or service, including information about the method of payment.

INT

Data actively generated from or reflecting explicit interactions with a service provider through its site -- such as queries to a search engine, or logs of account activity.

DEM

Data about an individual's characteristics -- such as gender, age, and income.

STA

Mechanisms for maintaining a stateful session with a user or automatically recognizing users who have visited a particular site or accessed particular content previously -- such as HTTP cookies.

PRE

Data about an individual's likes and dislikes -- such as favorite color or musical tastes.

COM

Information about the computer system that the individual is using to access the network -- such as the IP number, domain name, browser type or operating system.

NAV

Data passively generated by browsing the Web site -- such as which pages are visited, and how long users stay on each page.

OTC

Other types of data not captured by the above definitions.

NOI

Web Site does not collected identified data.

DSP

The privacy policy contains DISPUTES elements.

COR

Errors or wrongful actions arising in connection with the privacy policy will be remedied by the service.

原理,

对于IE来说(默认安全级别下),iframe、img、link等标签都是只发送session cookie(又叫 第一方cookie),拦截本地cookie发送(又叫第三方cookie)。当这些标签跨域引用一个页面,实际上是发起了一次GET请求。

如果这个跨域的请求,HTTP返回头中带有Set-Cookie , 那么这个cookie对浏览器来说,实际上是无效的。

www.b.com p3p.php代码内容

/*

 * chrome,firefox不加header都行,ie因为有cookie安全限制,所以就必须加header

 * 可以使用一个吧账号和密码加密的处理成一个字符串传过去,然后去其他子站点处理字符串然后解析成账号密码登陆

 * 加密方法一定是可以逆行解的,不然就蛋疼了,使用http://php.net/manual/zh/book.mcrypt.php这个函数,或者自己写其他的方法

 *

 * JS的提交方法,ajax也可以使用

 *

 * xmlhttp.setRequestHeader( "P3P" , 'CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"' );

 */

$password = 'zzzzzzzzzzzzzzz';

echo "<script src='http://www.a.com/cookie.php?password=$password'></script>";

www.a.com cookies代码内容

<?php

session_start();

header('P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"');

setcookie("zx", $_GET['password'], time()+3600, "/");

www.a.com index.php的代码内容、

<?php

var_dump($_COOKIE);

php使用p3p实现cookies跨域设置 实现单点登录,全站登录的更多相关文章

  1. 通过P3P头实现跨域设置cookie

    PHP的setcookie函数可以设置域,但是只能在当前域内,如果出现多域可由如下办法处理:实现原理:www.b.com/set_cookie.php   在b域名下设置a域名的cookie < ...

  2. chrome浏览器的跨域设置——包括版本49前后两种设置

    做前后分离的webapp开发的时候,出于一些原因往往需要将浏览器设置成支持跨域的模式,好在chrome浏览器就是支持可跨域的设置,网上也有很多chrome跨域设置教程.但是新版本的chrome浏览器提 ...

  3. vue-cli的跨域设置

    概述 今天打算快速使用vue-cli建立一个小应用用于测试,使用axios发送http请求,但是遇到了跨域问题,总结了一下,供以后开发时参考,相信对其他人也有用. vue-cli的跨域设置 在vue. ...

  4. WebApi服务以及跨域设置

    WCF 它利用TCP.HTTP.MSMQ等传输协议构建“契约先行”的服务.WCF最初为基于SOAP的服务而设计[xml],繁琐.冗余.慢.沉重 WebApi 基于http协议,轻量级的,支持URL路由 ...

  5. Mac下的Chrome或Safari访问跨域设置,MBP上使用模拟器Simulator.app或iphone+Safari调试网页

    Mac下的Chrome或Safari访问跨域设置: mac下终端启动Chrome $ open -a Google\ Chrome --args --disable-web-security 或 /A ...

  6. Asp.net core 跨域设置

    验证环境: dotnet core 2.1/Asp.net core2.1 一.作用域在中间件层  配置的方式是在startup.cs文件Configure(IApplicationBuilder a ...

  7. chrome浏览器的跨域设置 Google Chrome浏览器下开启禁用缓存和js跨域限制--disable-web-security

    chrome用户默认路径 Win7:C:\Users\[用户名]\AppData\Local\Google\Chrome\User Data\XP:C:\Documents and Settings\ ...

  8. jexus手动跨域设置

    AP.NET MVC默认跨域方法如下: <system.webServer> <validation validateIntegratedModeConfiguration=&quo ...

  9. SSO单点登录、跨域重定向、跨域设置Cookie、京东单点登录实例分析

    最近在研究SSO单点登录技术,其中有一种就是通过js的跨域设置cookie来达到单点登录目的的,下面就已京东商城为例来解释下跨域设置cookie的过程 涉及的关键知识点: 1.jquery ajax跨 ...

随机推荐

  1. testng.xml文件结构组成及节点属性说明

    TestNG的DTD检查文件:http://testng.org/testng-1.0.dtd.PHP 更多testng配置及说明,请移步http://testdoc.org/docmaster?pi ...

  2. Qt-note0906

    1.在Qt中每一个类都有一个与其同名的头文件: 2.任何一个Qt GUI程序都要有一个QApplication对象: 3.在默认情况下,新建的可视部件对象都是不可见的,要使用show()函数让它们显示 ...

  3. iOS开发实用干货——强化你的Xcode控制台

    f(x) 郑秀晶程序员不要整天看代码,偶尔也要看看风景?? www.90168.org先上一张我的Xcode控制台的图片让你们感受一下 酷炫控制台 是不是觉得很酷?不过仅仅是酷还是远远不够的,当你点击 ...

  4. 线段树(区间操作) POJ 3325 Help with Intervals

    题目传送门 题意:四种集合的操作,对应区间的01,问最后存在集合存在的区间. 分析:U T [l, r]填充1; I T [0, l), (r, N]填充0; D T [l, r]填充0; C T[0 ...

  5. docker不稳定 short running containers with -rm failed to destroy

    正常运行以下命令 sudo docker run --rm busybox echo helloworld /var/log/upstart/docker.log 日志如下: // :: POST / ...

  6. three.js右手坐标系, 显示和线条

    1.右手坐标系 Threejs使用的是右手坐标系,这源于opengl默认情况下,也是右手坐标系.下面是右手坐标系的图例,如果对这个概念不理解,可以百度一下,我保证你伸出手比划的那一瞬间你就明白了,如果 ...

  7. BZOJ3583 : 杰杰的女性朋友

    将$I$转置,设$G=OI$,则$ans=G^0+G^1+...+G^d$. 注意到$G^d=O(IO)^{d-1}I$,而$IO$是大小为$k\times k$的矩阵,可以通过倍增在$O(k^3\l ...

  8. BZOJ2002 & LCT模板(分块不会搞)

    题意: 看题. 某天,Lostmonkey发明了一种超级弹力装置,为了在他的绵羊朋友面前显摆,他邀请小绵羊一起玩个游戏.游戏一开始,Lostmonkey在地上沿 着一条直线摆上n个装置,每个装置设定初 ...

  9. 使用ajax和history.pushState无刷新改变页面URL

    表现 如果你使用chrome或者firefox等浏览器访问本博客.github.com.plus.google.com等网站时,细心的你会发现页面之间的点击是通过ajax异步请求的,同时页面的URL发 ...

  10. POJ 2823 Sliding Window 题解

    POJ 2823 Sliding  Window 题解 Description An array of size n ≤ 106 is given to you. There is a sliding ...