There is some problem with third-party cookies in IE. Try adding this line in logout.aspx:
Response.AddHeader("P3P", "CP=TST")
See the explanation here:
http://www.devx.com/security/Article/17742/0/page/4
On site A, in
192.168.0.1/aa/logout.aspx
I added
Response.AddHeader("P3P", "CP=TST")
The logout.aspx page is as follows:
<%@ Page Language="vb" AutoEventWireup="false" Codebehind="logout.aspx.vb" Inherits="aa.logout"%>
<% Response.ContentType = "image/gif"
Response.Expires = -1
'Response.AddHeader("P3P", "CP=TST")
Response.AddHeader("P3P", "CP=""TST""")
Response.WriteFile("signout_good.gif")
%>
logout.aspx.vb is as follows:
Private Sub Page_Load(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles MyBase.Load
'Put user code to initialize the page here
FormsAuthentication.SignOut()
Dim authcookie As HttpCookie = New HttpCookie(FormsAuthentication.FormsCookieName, "")
authcookie.Expires = DateTime.Now.AddDays(-1)
authcookie.Path = FormsAuthentication.FormsCookiePath
authcookie.Domain = "192.168.0.1"
Response.AppendCookie(authcookie)
End Sub
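But on site B, the page
192.168.0.2/bb/logout.aspx
contains
<img src=http://192.168.0.1/aa/logout.aspx>
and it still cannot clear A's cookie. The privacy report for 192.168.0.2/bb/logout.aspx shows:
http://192.168.0.1/aa/logout.aspx Blocked
Could you take a look at what the problem is?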
http://msdn.microsoft.com/library/default.asp?url=/workshop/security/privacy/overview/privacyfaq.asp
The same problem also occurs when I set the cookie's Path property like this:
oCookie.Path = "/";
<%
Response.AddHeader("P3P", "CP=""NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM""")
dim cookie as new HttpCookie("hello")
cookie.Value = "world at " & DateTime.Now
cookie.Path = "/"
cookie.Expires = DateTime.Now.AddDays(10)
Response.Cookies.Add(cookie)
%>
<script language=javascript>
alert(document.cookie);
</script>
2. expirecookie.aspx:
<%
Response.ContentType = "image/gif"
Response.AddHeader("P3P","CP=""TST""")
dim cookie as HttpCookie = Request.Cookies("hello")
If Not cookie Is Nothing Then
cookie.Value = "expire at " & DateTime.Now
cookie.Expires = DateTime.Now.AddDays(-10)
cookie.Path = "/"
Response.Cookies.Add(cookie)
Response.WriteFile("web.gif")
Else
Response.WriteFile("win2000.gif")
End If
Response.End()
%>
3. showcookie.aspx:
<script language=javascript>
alert(document.cookie);
</script>
<%
dim cookie as HttpCookie = Request.Cookies("hello")
If Not cookie Is Nothing Then
Response.Write(String.Format("value={0}<br>path={1}<br>domain={2}", cookie.Value, cookie.Path, cookie.Domain))
Else
Response.Write("No cookie")
End If
%>
server 2:
<img src="http://server1/expirecookie.aspx">
You may also want to read:
http://msdn.microsoft.com/library/default.asp?url=/workshop/security/privacy/overview/createprivacypolicy.asp
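After modifying the code: if other versions can clear the cookies of both sites, server1 and server2, at the same time, then 6.00.2462.0000 cannot clear server1's cookie. I also found the following in a cookie on the win2000 client:
phpbb2km_data (cookie name)
s%3A0%3A%22%22%3B (cookie value)
km.tceb.edu.tw/ (cookie domain and path)
Note -> 1024 <- Note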
16956672
29648268
4116192768
29574842
*
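If the cookie is a 1024 cookie, it can be cleared at the same time; if it is a 1056 cookie, it cannot. 思归, may I ask how to generate cookies that are always 1024?
Also, IE6.00.2462.0000 is said to be Internet Explorer 6 Public Preview (Beta). I don't know whether this version of IE really has a problem.
The problem now is:
For other versions to work, a compact policy has to be added under IIS / Custom HTTP Headers.
For IE6.00.2462.0000 to work, the compact policy added under IIS / Custom HTTP Headers has to be removed.
How can this be controlled in code based on the UserAgent?
Is prompting the user to upgrade IE the only option?
http://www.blunck.info/iehttpheaders.html
Another suggestion: don't rely on headers alone. Following the article above, try generating those policy files on the server side and see whether that version actually validates them.
I have tried everything you mentioned.
Getting the IE version is not a problem; that can be done.
But the tool at http://www.blunck.info/iehttpheaders.html cannot be used under win98, because I have not installed IE6.00.2462.0000 under win2000.
This much is certain: IE6.00.2462.0000 on win98 keeps reporting that the site's policy file cannot be found. I have tried so many times that I am about to lose heart; I really don't know how Microsoft implements cookie logout for Passport.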
http://www.xoc.net/works/p3p/default.asp
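I tried creating the site's policy file long ago; it has no effect on IE6.00.2462.0000.
Microsoft's Passport is said to be a paid service. Can individuals apply?
You can always have a free hotmail account, and observe how the cookie headers are passed around.
>>> All the sub-sites either log out successfully together, or all fail together
It is out of your control; there is no such thing as doing a two-phase transaction on logout.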
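The User-Agent question asked in the thread, as an added example that is not part of any post: a logout image page that sends the compact policy only when the browser is not the preview build. The "MSIE 6.0b" token is an assumption about how that build identifies itself, the policy string is the one from the sample above, and whether withholding the header actually helps that build is the poster's observation, not something this code verifies.

```vb
<%@ Page Language="vb" %>
<%@ Import Namespace="System.Web.Security" %>
<script runat="server">
    ' Assumption: the IE 6 preview build reports "MSIE 6.0b" in its User-Agent.
    Const BetaToken As String = "MSIE 6.0b"
    ' Compact policy copied from the sample page posted in the thread.
    Const CompactPolicy As String = "CP=""NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"""

    ' True for every browser except the preview build (and when no UA is sent).
    Function NeedsCompactPolicy(ByVal userAgent As String) As Boolean
        If userAgent Is Nothing Then Return True
        Return userAgent.IndexOf(BetaToken) < 0
    End Function

    Sub Page_Load(ByVal sender As Object, ByVal e As EventArgs)
        ' Headers must be set before any body bytes are written.
        If NeedsCompactPolicy(Request.UserAgent) Then
            Response.AddHeader("P3P", CompactPolicy)
        End If

        ' Expire the forms-authentication cookie with the same name and path
        ' it was issued with, otherwise the browser keeps the original.
        FormsAuthentication.SignOut()
        Dim authCookie As New HttpCookie(FormsAuthentication.FormsCookieName, "")
        authCookie.Path = FormsAuthentication.FormsCookiePath
        authCookie.Expires = DateTime.Now.AddDays(-1)
        Response.Cookies.Add(authCookie)

        ' The page is loaded through <img src=...>, so answer with an
        ' uncached image rather than HTML.
        Response.ContentType = "image/gif"
        Response.Expires = -1
        Response.WriteFile(Server.MapPath("signout_good.gif"))
        Response.End()
    End Sub
</script>
```

For the branch to have any effect, the P3P entry under IIS custom HTTP headers has to be removed so that the page is the only place the header is set.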