简体繁体 English

在Windows 10上的IE11中读取第三方cookie的任何可能的技巧或技术

[英]Any possible trick or technique to read third party cookies in IE11 on windows 10

原文 2015-12-04 14:50:14 1 1 internet-explorer/ cookies/ single-sign-on/ windows-10/ p3p

Microsoft has removed P3P policy, through this we can read and create third party cookie in IE on windows 8.1 and earlier. Microsoft删除了P3P策略，通过该策略，我们可以在Windows 8.1及更早版本的IE中读取并创建第三方cookie。 But after removing this we can't create or read third party cookies. 但是删除此选项后，我们将无法创建或读取第三方Cookie。

We have on centralize system for authentication on http://a.com and we create cookies on http://a.com when user get login on http://b.com or http://c.com through JSONP request and read cookies always from http://a.com for checking user is loggedin or not and we share session across all our websites by this technique. 我们在http://a.com上建立了集中身份验证系统，并且当用户通过JSONP请求在http://b.com或http://c.com上登录时，我们在http://a.com上创建了cookie。并始终从http://a.com读取cookie以检查用户是否登录，并且我们通过这种技术在所有网站上共享会话。 But now it is not working in IE11 on windows 10 because we can't create cookies when use get logged in and can't read cookies on other site. 但是现在它无法在Windows 10的IE11中工作，因为使用登录后我们无法创建Cookie，并且无法在其他站点上读取Cookie。

1 个解决方案

If I'm reading your question correctly, server A ( http://a.com ) always knows whether the user is logged in or not. 如果我正确阅读了您的问题，则服务器A （ http://a.com ）始终知道用户是否已登录。

You should be able to query A to get the authentication state from a page hosted on another domain using AJAX. 您应该能够查询A来使用AJAX从另一个域上托管的页面获取身份验证状态。 This is not permitted by default in order to prevent cross-site scripting , but you can allow it by configuring A to include CORS headers in each HTTP response. 为了防止跨站点脚本编写，默认情况下不允许这样做，但是可以通过将A配置为在每个HTTP响应中包括CORS标头来允许它。