A few days ago, a corporate website contained a customer's service system. Because the website was a rented space, it was not enough to store the customer's system, so we set up another server to unify the domain name (the domain name of the other server was the same as the original one). The domain name was too different), so I included this customer system in the original website using a framework, but encountered some problems. For cross-domain operations, the problem of session loss occurred after the client system user logged in, which troubled me for a whole day. I also posted here to ask for a solution. See: http://bbs.bc-cn.net/dispbbs.asp ?boardID=10&ID=167628&page=3. After searching for information in many ways, I finally solved this problem after my own analysis and experiments. Today I saw someone asking for the program, so I wrote this post for everyone to share.
First explain the principle:
The system recognizes the scope of each program. Generally speaking, an IE defaults to a program scope.
Because the framework has cross-domain content, it first defaults to the program scope of the framework program itself, so that the program scope within the framework cannot be confirmed.
In order to make this IE default to the program scope within the frame, I used multiple jumps.
First, jump out of this frame and enter a frameless website page that requires a session value (call it the page of server B), and generate a session in this page so that the system can automatically generate a sessionID, and then jump back to the framed one. Page. Because the system has generated a session ID for this IE, as long as this IE is not closed, the system always thinks that this IE is within the scope of this program. In this way, the regenerated session value can survive in this ID.
This achieves the purpose of cheating the system.
One more thing to add, the second jump uses a different method because I need to discard the information outside the frame and save the information within the frame.
Different jump methods will discard or save the information before the jump.
Program implementation:
File 1:
Framework file: index.htm (running on server A)
<html>
<head>
<meta HTTP-EQUIV=Content-Type CONTENT=text/html; charset=gb2312>
<title>Qihao Door Industry</title>
</head>
<frameset rows=1,* border=0 frameborder=0>
<frame name=winBackLoad scrolling=no noresize target=mainweb1 src=default_top.htm>
<frame name=mainweb1 src=http://www.serverB.com/index.asp scrolling=auto>
<noframes>
<body>
<p>This page uses frames, but your browser doesn't support them. </p>
</body>
</noframes>
</frameset>
</html>
File 2: index.asp (running on server B, functions to jump and generate sessionID)
<script>
if (top.location !== self.location) {
top.location=self.location;
}
//The purpose of this JS is to run outside the frame
</script>
<%
if session(xm2)= then
session(xm2)=eee
'The purpose of the above sentence is just to use the session, let the system generate a sessionID for this IE, and determine whether it has been jumped to avoid causing an infinite loop.
%>
<META HTTP-EQUIV=REFRESH CONTENT=0;URL='http://www.serverA.com/index.htm'>
<%
, the above sentence is to return to the frame, note: only use the above jump method, do not use the following jump method.
else
Response.Redirect index2.asp
'The above sentence is the real jump to run the program on server B! Note: You can only jump in this way!
end if%>
After the above jump, this IE already has the session ID on server B. In other words, although the frame is running on the main frame on server A, it can ensure that the session on server B is not lost, achieving cross-domain operation. Purpose.