Session is lost when including a page in frame from another site
September 30th, 2009
While trying to create an application for one of our resellers, I realized that session data on our side is lost when they include our application in an iframe on their site. This is because on some browsers (IE mostly), when you reference cross site pages by frames, cookies are not enabled for the site you reference. As session data is dependent on cookie, you loose session state too.
To prevent this, you should add a P3P header data to your referenced page header like below. You can add this to your global.asax for your dot net application.
1 2 3 4 | protected void Application_BeginRequest(Object sender, EventArgs e) { HttpContext.Current.Response.AddHeader("p3p", "CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\""); } |
Burc Sade (aka laforge) is a full time application developer (mainly web applications), part time entrepreneur located in Istanbul, Turkey. This site is his blog about the projects going on, little programming tricks, Internet, travel, photography and other bits and pieces.
