
Session Variables not saved when page is in an iFrame

I have an aspx page with a listbox control. The listbox is populated from a collection that is retrieved from a service when the page loads. When the user selects an item from the listbox the page posts back, adding the retrieved objects to the session before reloading. On the reload I use the session objects instead of having to call the service again.

This all works fine until I access the page from within an iFrame. The Session objects are not retrieved when the page is in an iFrame (Session["blah"] is null). This code works perfectly when the page is not in an iFrame.

I am using IIS7 and Windows Server 2008. Is there anything I need to do in IIS to allow Session variables to be used in an iFrame? Does anyone know of anything else that may cause this to happen?

Thanks, Neil

Neil asked Jun 16 '11 07:06



2 Answers

IE gives a lower level of trust to 3rd party content loaded in an iframe. This blocks session cookies.

You can solve this by setting a P3P header in IIS:

Name = p3p
Value = CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"


mika answered Sep 24 '22 14:09


In my case, the project was .NET Framework 4.6.1. I upgraded to version 4.7.2 and added the key below to the web.config:

<system.web>
    <sessionState cookieSameSite="None"/>
</system.web>

This way, third-party iframe sessions start working.

Before you make this change, it's better to read this: https://docs.microsoft.com/en-us/aspnet/samesite/system-web-samesite

Burak Altin answered Sep 25 '22 14:09