Page contains IFrame and session is null only in case of Safari. My Safari version is 5.1.7
I am using MVC 4.5 Everything works in other browsers perfectly. I am using the below code..
protected override void OnResultExecuting(ResultExecutingContext filterContext)
{
base.OnResultExecuting(filterContext);
filterContext.HttpContext.Response.AddHeader("p3p", "CP=\"CAO PSA OUR\"");
GetFirstError();
}
we had exactly the same issue - FB app did not work in Safari in ASP.Net MVC project. Here is what we did to fix it:
Add P3P header to all reposonses. You can configure it at IIS server level: http://support.microsoft.com/kb/324013 - or do it directly in global.asax:
protected void Application_BeginRequest(Object sender, EventArgs e)
{
HttpContext.Current.Response.AddHeader("P3P", "CP=\"NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT\"");
}
Create w3c
folder in the root of your website (so-called well-known location) and upload p3p.xml
and policy.p3p
files into it as per this Microsoft guide: How to Deploy P3P Privacy Policies on Your Web Site
here is my p3p.xml file:
<META>
<POLICY-REFERENCES>
<POLICY-REF about="/w3c/policy.p3p">
<INCLUDE>/</INCLUDE>
<COOKIE-INCLUDE/>
</POLICY-REF>
</POLICY-REFERENCES>
</META>
and policy.p3p (sorry it's long but i'm not sure how to hide it as a spoiler):
<?xml version="1.0"?>
<POLICIES xmlns="http://www.w3.org/2002/01/P3Pv1">
<!-- Generated by IBM P3P Policy Editor version Beta 1.12 built 2/27/04 1:19 PM -->
<!-- Expiry information for this policy -->
<EXPIRY max-age="86400"/>
<POLICY
xml:lang="uk">
<!-- Description of the entity making this policy statement. -->
<ENTITY>
<DATA-GROUP>
</DATA-GROUP>
</ENTITY>
<!-- Disclosure -->
<ACCESS><nonident/></ACCESS>
<!-- No dispute information -->
<!-- Statement for group "Basic information" -->
<STATEMENT>
<EXTENSION optional="yes">
<GROUP-INFO xmlns="http://www.software.ibm.com/P3P/editor/extension-1.0.html" name="Basic information"/>
</EXTENSION>
<!-- Consequence -->
<CONSEQUENCE>
Data collected from all Web users: access logs, and search strings (if entered).</CONSEQUENCE>
<!-- Use (purpose) -->
<PURPOSE><admin/><current/><develop/></PURPOSE>
<!-- Recipients -->
<RECIPIENT><ours/></RECIPIENT>
<!-- Retention -->
<RETENTION><indefinitely/></RETENTION>
<!-- Base dataschema elements. -->
<DATA-GROUP>
<DATA ref="#dynamic.clickstream"/>
<DATA ref="#dynamic.http"/>
<DATA ref="#dynamic.searchtext"/>
</DATA-GROUP>
</STATEMENT>
<!-- Statement for group "Cookies" -->
<STATEMENT>
<EXTENSION optional="yes">
<GROUP-INFO xmlns="http://www.software.ibm.com/P3P/editor/extension-1.0.html" name="Cookies"/>
</EXTENSION>
<!-- Consequence -->
<CONSEQUENCE>
Cookies are used to track visitors to our site,
so we can better understand what portions of our site best serve you.</CONSEQUENCE>
<!-- Use (purpose) -->
<PURPOSE><develop/><tailoring/></PURPOSE>
<!-- Recipients -->
<RECIPIENT><ours/></RECIPIENT>
<!-- Retention -->
<RETENTION><business-practices/></RETENTION>
<!-- Base dataschema elements. -->
<DATA-GROUP>
<DATA ref="#dynamic.cookies" optional="yes"><CATEGORIES><uniqueid/></CATEGORIES></DATA>
</DATA-GROUP>
</STATEMENT>
<!-- End of policy -->
</POLICY>
</POLICIES>
Safari is set do NOT accept 3rd party cookies by default. This means when you're visiting domain A and it embeds domain B in an iframe, then it won't accept cookies from B until the user interacts with the content of the iframe.
This scenario bit me badly while developing a facebook application that needed sessions and the client didn't accept the solution of telling the user to enable 3rd party cookies. This is the workaround that I implemented and is working ever since:
<script>top.location = "http://example.com/cookiefix";</script>
) - the JS is needed to bust out of the iframeIf you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With