IE9 loses cookie after redirect

Posted on 2024-12-03 20:17:04

I have an iframe that:

  1. does a POST request to the server
  2. the server returns a 302 and sets a cookie
  3. the browser does not save the cookies but does a POST (don't know why not a GET, but it doesn't matter)
  4. the cookies from #3 are lost

I've found a workaround:

Response.AddHeader("Pragma", "no-cache");
Response.AddHeader("Cache-Control", "no-cache");

but it didn't help.
Maybe somebody knows what can fix this issue?


Comments (5)

迷爱 2024-12-10 20:17:04

You may want to look into why your browser is doing a POST rather than a GET, since that implies that there's an important piece of information that you left out. No browser will follow an HTTP/302 redirect with a POST.

In IE9, redirection responses are cached if headers allow (IE8 and below would not cache redirects).

You can absolutely set a cookie on a 302 redirect. There are two possibilities here:

  1. Your cookie is getting dropped because you failed to supply a P3P Header on the response indicating that your privacy practices are compatible with the user's desires.
  2. Your redirection response is getting pulled from the user's cache, not the server, and the cached response didn't set a cookie.

Given that you're having this problem in an IFRAME, #1 seems more likely. (See Quick Look at P3P)

眼藏柔 2024-12-10 20:17:04

This post may be a little late, but I have recently handled this particular issue for a Grails application. Many years ago, the same issue occurred in a Java web application that I created where Internet Explorer was blocking cookies (privacy settings). In order to allow the Java web app and JavaScript to write cookies in a primary page or an IFRAME in Internet Explorer, a privacy policy was sent from the web application. Microsoft still supports a privacy policy format called Platform for Privacy Preferences (P3P). This format does not appear to be supported in other modern browsers, but it does help overcome IE cookie issues. Despite concerns with IE 10 support of P3P, I have successfully tested the following P3P settings with strict validation.

1) Identify required categories for your application. For my application, the interactive, navigation, and uniqueid categories were required for proper operation. The Compact Policy codes are listed on the P3P specification site.

Category       Compact
--------       -------
interactive => INT
navigation  => NAV
uniqueid    => UNI

2) Determine if compact policy alone will work. For my application, the compact policy header was sufficient. If you require a policy file, then please review some example files here: http://p3pbook.com/examples.html.

3) The code below is a very simplified example, but should still illustrate the steps to perform.

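// res is the ServletResponse for the current request
HttpServletResponse response = (HttpServletResponse) res;

// Reference the full policy file only when one exists (policyFileExists and policyFilePath are application settings)
String policySettings = policyFileExists ? "policyref='" + policyFilePath + "', " : "";

// Compact policy codes: interactive (INT), navigation (NAV), uniqueid (UNI)
policySettings += "CP='INT NAV UNI'";

response.setHeader("P3P", policySettings);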

You can certainly perform similar steps in other technologies, such as PHP and ASP.NET. I hope this at least helps point people in the right direction for solving the IE cookie issue.

就是爱搞怪 2024-12-10 20:17:04

To expand on EricLaw's answer about IE 9 caching redirection responses, check out this page:

http://blogs.msdn.com/b/ie/archive/2010/07/14/caching-improvements-in-internet-explorer-9.aspx

Also, one thing to note about the cached redirect responses is there really is no easy way to clear them out. Clearing cache and cookies leaves them in place. There are 2 options:

  • Go into IE 9 Private Mode
  • Use Fiddler to clear the Wininet cache (under Tools)

兲鉂ぱ嘚淚 2024-12-10 20:17:04

I dunno if you ever figured this out, but make sure you're instructing your application to not set client cookies. In CF, there's an application parameter 'setClientCookies'; setting it to false makes sure what you're describing doesn't happen. (Coincidentally, setting it to 'false' or 'no' does not work, whereas CF normally recognizes this as false as well.)

锦爱 2024-12-10 20:17:04

You may want to check the Expire vs. Max-Age setting on your cookie. IEs will not consider the Max-Age (maybe newer ones do, if no Expire is given?), but they will look at the local time and compare it with the Expire date. If local time is in the future, or server has the date in the past, the cookie will be considered as expired and will not be sent on the next request.

I've also noticed that even if IE9 will tell you in the developer interface that it does a POST, it really does a GET after a 302 redirect. As a note, the whole 302 thing is a bit messed up and sites should use 303 and 307, but anyway.
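
The causes suggested in the answers above (missing P3P compact policy, a cached redirect, Max-Age without Expires, Expires behind the client clock) can be checked against a captured redirect response. The following JavaScript is an added example, not code from any of the posters; the function name `diagnoseRedirect`, the finding labels, the sample headers, and the rule that a redirect counts as cacheable when it carries a positive max-age or a future Expires without no-cache/no-store are assumptions made for illustration.

```javascript
// Added example: flags the cookie-loss causes named in the answers for one redirect response.
// headers: array of [name, value] pairs (e.g. copied from a Fiddler capture); clientNow: the client's clock.
function diagnoseRedirect(status, headers, clientNow) {
  const findings = [];
  const get = (name) => headers.filter(([k]) => k.toLowerCase() === name).map(([, v]) => v);
  const cookies = get('set-cookie');
  const cacheControl = get('cache-control').join(',').toLowerCase();
  const expires = get('expires')[0];

  // First answer, possibility 1: cookie set without a P3P compact policy (CP=...).
  if (cookies.length && !get('p3p').some((v) => /CP\s*=/i.test(v))) {
    findings.push('no-p3p-compact-policy');
  }

  // First answer, possibility 2: a cached redirect is replayed and sets no cookie (assumed cacheability rule).
  const noStore = /no-cache|no-store/.test(cacheControl);
  const maxAge = /max-age\s*=\s*(\d+)/.exec(cacheControl);
  const fresh = (maxAge && Number(maxAge[1]) > 0) ||
    (!maxAge && expires && Date.parse(expires) > clientNow.getTime());
  if ((status === 301 || status === 302) && cookies.length && fresh && !noStore) {
    findings.push('cacheable-redirect-sets-cookie');
  }

  // Last answer: Max-Age may be ignored by IE; Expires is compared with the client clock.
  for (const cookie of cookies) {
    const attrs = cookie.split(';').slice(1).map((a) => a.trim());
    const attr = (n) => attrs.find((a) => a.toLowerCase().startsWith(n + '='));
    const exp = attr('expires');
    const name = cookie.split('=')[0].trim();
    if (attr('max-age') && !exp) findings.push(`max-age-without-expires:${name}`);
    if (exp && Date.parse(exp.slice(8)) <= clientNow.getTime()) {
      findings.push(`expires-not-after-client-clock:${name}`);
    }
  }
  return findings;
}

// Constructed sample: a 302 that sets two cookies, has no P3P header and a one-hour freshness lifetime.
const sampleHeaders = [
  ['Location', '/done'],
  ['Cache-Control', 'max-age=3600'],
  ['Set-Cookie', 'sid=abc123; Path=/; Max-Age=600'],
  ['Set-Cookie', 'pref=1; Path=/; Expires=Tue, 03 Dec 2024 20:00:00 GMT'],
];
const sampleFindings = diagnoseRedirect(302, sampleHeaders, new Date('2024-12-03T20:17:04Z'));
console.log(sampleFindings);
```

An empty result only means none of these four conditions matched; it does not prove the browser kept the cookie.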
