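Another characteristic of the P3P header is that it can be set only once in the same response packet: a later P3P header does not override an earlier one, and the browser honors only the first.
P3P is short for The Platform for Privacy Preferences.
For more details, see the W3C standard: http://www.w3.org/TR/P3P/
The contents of the P3P header we see here look messy, and it is not obvious what policy they express; they are in fact abbreviations.
For example, the one used above: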
P3P: CP=CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR
CP is short for Compact Policy.
In CURa, CUR is short for <current/> and a is short for always.
There are many definitions; here I excerpt part of the standard:
[57] compact-purpose = "CUR" | ; for <current/>
[58] creq            = "a" |   ; "always"
For more, refer to the standard mentioned above.
Of course, a P3P header can also reference an XML policy file directly.
For example, written like this:
HTTP/1.1 200 OK
P3P: policyref="http://catalog.example.com/P3P/PolicyReferences.xml";
Content-Type: text/html
Content-Length: 7413
Server: CC-Galaxy/1.3.18
There are many other ways to use P3P; they are not all listed here.
Response.AddHeader "P3P","CP=CAO PSA OUR"
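A piece of code that fixes the SESSION not being kept inside an IFRAME.
Response.AddHeader "P3P","CP=CAO PSA OUR"
_jetcui_ This is part of the HTML standard, so whichever language you use to develop the web site, the principle stays the same.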
1. The HTTP headers when visiting the Sina home page:
Note: the data was captured with HTTP Watch; xxx.xxx.xx.xx stands for the client machine's public IP address.
(Request-Line) GET / HTTP/1.1
Accept */*
Accept-Encoding gzip, deflate
Accept-Language zh-cn
Connection Keep-Alive
Cookie SINAGLOBAL=xxx.xxx.xx.xx.85531212651426880; vjuids=9a926633.11a6279184e.0.5c66aec4be11d4; vjlast=1217249497; SINA_NEWS_CUSTOMIZE_city=%u5317%u4EAC; Iask2_visitID=125.33.58.43.297711214640695678
Host www.sina.com.cn
If-Modified-Since Mon, 28 Jul 2008 12:44:19 GMT; length=390245
UA-CPU x86
User-Agent Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)
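The SINAGLOBAL value in the Cookie is interesting: it appears to be the IP address of the first visit followed by a random number, and vjuids looks like a UUID.
2. Clicking the "Stocks" channel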
(Request-Line) GET /stock/ HTTP/1.1
Cookie SINAGLOBAL=xxx.xxx.xx.xx.85531212651426880; vjuids=9a926633.11a6279184e.0.5c66aec4be11d4; vjlast=1217424645; SINA_NEWS_CUSTOMIZE_city=%u5317%u4EAC; Iask2_visitID=125.33.58.43.297711214640695678; sinaRotator/=86; Apache=125.33.63.114.293231217424590255; sinaRotator/%3F=61; FINA_V_S_2=sh600635,sh600611,sh600795
Host finance.sina.com.cn
As you can see, FINA_V_S_2 in the Cookie stores the most recently viewed stocks.
3. Clicking the "Travel" channel
(Request-Line) GET / HTTP/1.1
Cookie SINAGLOBAL=159.226.43.61.85531212651426880; vjuids=9a926633.11a6279184e.0.5c66aec4be11d4; vjlast=1217424645; SINA_NEWS_CUSTOMIZE_city=%u5317%u4EAC; Iask2_visitID=125.33.58.43.297711214640695678; sinaRotator/=87; Apache=125.33.63.114.293231217424590255; sinaRotator/%3F=61
Host tour.sina.com.cn
Referer http://www.sina.com.cn/
4. Sina's web search uses google.cn
http://www.google.cn/search?client=aff-sina&ie=gb&oe=utf8&hl=zh-CN&channel=hpsearch&q=%B0%C2%D4%CB
-------------------------------------------------------------
Information about the utmLinker and the __utma, __utmb and __utmc cookies
The __utmb and __utmc cookies are used to track a user's session as follows:
__utmb
* Hashcode
* Changes to identify each unique session
* Non-persistent cookie
* Works with __utmc to determine when a session ends
* Dies when a browser is closed
* If it disappears a new visitor session is started
__utmc
* Session based cookie
* Destroyed after 30 minutes of inactivity
* Can be set higher
* Works with __utmb to determine when session ends
* If it disappears, a new visitor session starts
* Visitor timeout set in __utm.js. Default is 1800 seconds
* 30 minutes is appropriate. Some websites and their visitor traffic may require a different timeout value
When using the utmLinker() function, __utmb and __utmc are assigned a value of 1 by the uDomain() function but only if the _udn variable is set to "none". How can Google Analytics track the beginning and end of a session if both values are set to 1? The beginning and end of a session are calculated and stored in values within the __utma cookie, and not in the __utmb or __utmc cookies.
The __utma cookie is formatted as follows:
__utma = domainhash.unique.ftime.ltime.stime.sessioncount;
where:
domainhash = hash of the domain name of the website
unique = a randomly generated 31 bit integer
ftime = UTC timestamp of first visitor session
ltime = UTC timestamp of last visitor session
stime = UTC timestamp of current visitor session
sessioncount = number of sessions; always incremented for each new session
---------------------------------------------------------------------------------
Implementing the HTTP protocol yourself
GET /mailregAll/verifyCodeImg.jsp?t=1270958528689 HTTP/1.1
Host: reg.email.163.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; zh-CN; rv:1.9.1.8) Gecko/20100202 Firefox/3.5.8
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: zh-cn,zh;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: GB2312,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Referer: http://reg.email.163.com/mailregAll/reg0.jsp?from=163
Cookie: __ntes__test__cookies=1270958486953; locOfCh=others; Province=0571; City=09491; vjuids=ddf978e2.127eb0741d0.0.036b5680082ba8; vjlast=1270958474.1270958474.30; _ntes_nnid=8b756d746b620209cb695015c080f4a2,0; _ntes_nuid=8b756d746b620209cb695015c080f4a2; JSESSIONID=bacVf2lsrqPoo5tLXbRFs
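Then wait to receive the data. It arrives in two parts: the first part is the HTTP header, terminated by \r\n\r\n; the second part is your image data.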
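The split described above, together with the "first P3P header wins" rule and the CURa = CUR + a abbreviation from the start of the page, as an added example that is not code from the original post. The response bytes are constructed, the function names are hypothetical, and compact_policy assumes the header value carries only a CP= field (no policyref).

```python
# Added example. SAMPLE is a constructed response, not captured traffic.
SAMPLE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Content-Type: image/jpeg\r\n"
    b"P3P: CP=CAO PSA OUR\r\n"
    b"P3P: CP=CURa ADMa DEVa\r\n"        # second P3P header, ignored per the page
    b"Content-Length: 10\r\n"
    b"\r\n"
    b"\xff\xd8\r\n\r\n\xff\xd9\x00\x01"  # binary body that itself contains \r\n\r\n
)

def split_response(raw):
    """Split raw bytes into (status_line, [(name, value)], body)."""
    # Only the FIRST \r\n\r\n ends the header; later ones belong to the body.
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("header terminator not received yet; keep reading")
    lines = head.decode("iso-8859-1").split("\r\n")
    headers = []
    for line in lines[1:]:
        name, colon, value = line.partition(":")
        if not colon:
            raise ValueError("malformed header line: %r" % line)
        headers.append((name.strip().lower(), value.strip()))
    return lines[0], headers, body

def first_header(headers, name):
    """Return the first value for a header name, or None."""
    return next((v for k, v in headers if k == name.lower()), None)

def body_complete(headers, body):
    """True once the body holds at least Content-Length bytes."""
    length = first_header(headers, "content-length")
    return length is not None and len(body) >= int(length)

def compact_policy(p3p_value):
    """Split 'CP=CURa ADMa' into [('CUR', 'a'), ('ADM', 'a')]."""
    _, _, cp = p3p_value.partition("CP=")
    return [(tok[:3], tok[3:]) for tok in cp.strip('"; ').split()]

if __name__ == "__main__":
    status, headers, body = split_response(SAMPLE)
    print(status, len(body), body_complete(headers, body))
    print(compact_policy(first_header(headers, "p3p")))
```

Splitting on every \r\n\r\n instead of the first one would truncate the image here, which is why the body length is checked against Content-Length rather than against another delimiter.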