What is header('P3P: CP="CAO PSA OUR"'); for?
How/why will it let this script work fine in IE?
session_start();
if (!session_is_registered(pre_myusername)) {
header("location:index.php");
exit();
}
P3P is the Platform for Privacy Preferences. The value CP="CAO PSA OUR" describes a compact policy with the tokens
- contact and others (access information: What information is collected?)
  Identified Contact Information and Other Identified Data: access is given to identified online and physical contact information as well as to certain other identified data.
- pseudo-analysis (purpose information: What is the collected information used for?)
  Pseudonymous Analysis: Information may be used to create or build a record of a particular individual or computer that is tied to a pseudonymous identifier, without tying identified data (such as name, address, phone number, or email address) to the record. This profile will be used to determine the habits, interests, or other characteristics of individuals for purpose of research, analysis and reporting, but it will not be used to attempt to identify specific individuals. For example, a marketer may wish to understand the interests of visitors to different portions of a Web site.
- ours (recipient information: Who gets that collected information?)
  Ourselves and/or entities acting as our agents or entities for whom we are acting as an agent: An agent in this instance is defined as a third party that processes data only on behalf of the service provider for the completion of the stated purposes. (e.g., the service provider and its printing bureau which prints address labels and does nothing further with the information.)
Gumbo has already explained what P3P is. Now, about your code, session_is_registered is deprecated. You are using pre_myusername as a constant. If it's not defined, PHP will assume a string, but relying on this behavior is discouraged. If you really intended to use constants, use uppercase for clarity. Note that a variable should be prefixed with a dollar ($).
- Make sure that no content is sent before session_start(); or the session cookie will not be sent.
- Session variables are available from the $_SESSION array. isset() can be used for checking the existence of a variable (array key in this case).
So, the actual code becomes:
session_start();
if(!isset($_SESSION['pre_myusername'])){
header("Location: index.php");
exit();
}
For examples and documentation of the session functions, visit the PHP Manual.
header('P3P: CP="CAO PSA OUR"') sets a particular P3P Compact Policy (CP) which has been commonly used to allow third-party cookies from (i)frames to be used in Internet Explorer.
From Microsoft Knowledge Base article 323752.
Internet Explorer 6 introduced support for the Platform for Privacy Preferences (P3P) Project. The P3P standard notes that if a FRAMESET or a parent window references another site inside a FRAME or inside a child window, the child site is considered third party content. Internet Explorer, which uses the default privacy setting of Medium, silently rejects cookies sent from third party sites.
The article describes the CP code above:
This code sample shows that your site provides you access to your own contact information (CAO), that any analyzed data is only "pseudo-analyzed", which means that the data is connected to your online persona and not to your physical identity (PSA), and that your data is not supplied to any outside agencies for those agencies to use (OUR).
N.B. This CP is invalid as it stands since it doesn't contain any RETENTION or CATEGORIES tokens.
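The point about missing RETENTION and CATEGORIES tokens can be checked mechanically. The following is an added example, not code from any of the answers above: it splits a CP value into tokens, sorts them into their P3P groups, and reports which groups have no token. The names p3p_check, P3P_GROUPS and P3P_REQUIRED, the OTHER bucket, and the choice to treat five groups as mandatory are assumptions of this example.

```php
<?php
// Added example. Token lists follow the P3P 1.0 compact-policy vocabulary. Assumptions:
// rarer tokens are lumped under OTHER; the groups in P3P_REQUIRED are treated as mandatory.
const P3P_GROUPS = [
    'ACCESS'     => ['NOI', 'ALL', 'CAO', 'IDC', 'OTI', 'NON'],
    'PURPOSE'    => ['CUR', 'ADM', 'DEV', 'TAI', 'PSA', 'PSD', 'IVA', 'IVD',
                     'CON', 'HIS', 'TEL', 'OTP'],
    'RECIPIENT'  => ['OUR', 'DEL', 'SAM', 'UNR', 'PUB', 'OTR'],
    'RETENTION'  => ['NOR', 'STP', 'LEG', 'BUS', 'IND'],
    'CATEGORIES' => ['PHY', 'ONL', 'UNI', 'PUR', 'FIN', 'COM', 'NAV', 'INT', 'DEM',
                     'CNT', 'STA', 'POL', 'HEA', 'PRE', 'LOC', 'GOV', 'OTC'],
    'OTHER'      => ['DSP', 'COR', 'MON', 'LAW', 'NID', 'TST'],
];
const P3P_REQUIRED = ['ACCESS', 'PURPOSE', 'RECIPIENT', 'RETENTION', 'CATEGORIES'];

function p3p_check(string $header): array
{
    $result = ['groups' => [], 'unknown' => [], 'missing' => P3P_REQUIRED];
    if (!preg_match('/CP\s*=\s*"([^"]*)"/i', $header, $m)) {
        return $result; // no compact policy in this header value
    }
    foreach (preg_split('/\s+/', $m[1], -1, PREG_SPLIT_NO_EMPTY) as $token) {
        // PURPOSE and RECIPIENT tokens may carry an a/i/o suffix, e.g. "IVAi".
        $base = preg_match('/^([A-Z]{3})[aio]$/', $token, $t) ? $t[1] : $token;
        $group = null;
        foreach (P3P_GROUPS as $name => $tokens) {
            if (in_array($base, $tokens, true)) {
                $group = $name;
                break;
            }
        }
        $suffixOk = $base === $token || in_array($group, ['PURPOSE', 'RECIPIENT'], true);
        if ($group === null || !$suffixOk) {
            $result['unknown'][] = $token;
        } else {
            $result['groups'][$group][] = $token;
        }
    }
    $result['missing'] = array_values(array_diff(P3P_REQUIRED, array_keys($result['groups'])));
    return $result;
}

// Constructed inputs: the header from the question, then one with
// a RETENTION (STP) and a CATEGORIES (ONL) token appended.
foreach (['P3P: CP="CAO PSA OUR"', 'P3P: CP="CAO PSA OUR STP ONL"'] as $header) {
    $r = p3p_check($header);
    printf("%s\n  missing: %s\n  unknown: %s\n", $header,
        implode(', ', $r['missing']) ?: 'none', implode(', ', $r['unknown']) ?: 'none');
}
```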