473,554 Members | 2,639 Online
Bytes | Software Development & Data Engineering Community
+ Post

Home Posts Topics Members FAQ

Session eset while browsing in an IFrame

I'm building an application wich should be used by other websites
inside an iFrame. My app stores some sessionvariable s, but sometimes
in IE (6 and 7) IIS seems to restart the session on each pageload. It
does this when I post the page, or request the page, no matter what.
My sessionId is changing, wich prevents me from storing for example a
shoppingcart in the users session.

Weirdest thing is that it works fine in Firefox (never saw a problem),
but in IE it sometimes doesn't work and sometimes it does...

Server is Windows 2003 standard, using IIS
Clients are some different machines running Firefox, IE 6 and IE 7
Applications uses nothing more than ASP, VBScript.

Any ideas?

Thanx in advance!

Arno

Aug 21 '07 #1
4 4902

<av******@gmail .comwrote in message
news:11******** *************@g 4g2000hsf.googl egroups.com...
I'm building an application wich should be used by other websites
inside an iFrame. My app stores some sessionvariable s, but sometimes
in IE (6 and 7) IIS seems to restart the session on each pageload. It
does this when I post the page, or request the page, no matter what.
My sessionId is changing, wich prevents me from storing for example a
shoppingcart in the users session.

Weirdest thing is that it works fine in Firefox (never saw a problem),
but in IE it sometimes doesn't work and sometimes it does...

Server is Windows 2003 standard, using IIS
Clients are some different machines running Firefox, IE 6 and IE 7
Applications uses nothing more than ASP, VBScript.

Any ideas?

Thanx in advance!

Arno
IE will consider your ASP Session Cookies as "3rd Party" and based on
privacy settings will block them.

Say someone goes to two different websites, both of which host your IFrame
page. Well with a bit of tracking you could know that the person had
visited each website. This is a breach of the persons privacy. If they go
to website A and then B, it is none of your business, or at least thats what
M$ think. Consider the implications of advertising networks AdTech,
DoubleClick etc. They could know you search Amazon and eBay for a d*ldo so
would tailor ads on other sites for you accordingly.
Aug 23 '07 #2
<av******@gmail .comwrote in message
news:11******** *************@g 4g2000hsf.googl egroups.com...
I'm building an application wich should be used by other websites
inside an iFrame. My app stores some sessionvariable s, but sometimes
in IE (6 and 7) IIS seems to restart the session on each pageload. It
does this when I post the page, or request the page, no matter what.
My sessionId is changing, wich prevents me from storing for example a
shoppingcart in the users session.

Weirdest thing is that it works fine in Firefox (never saw a problem),
but in IE it sometimes doesn't work and sometimes it does...

Server is Windows 2003 standard, using IIS
Clients are some different machines running Firefox, IE 6 and IE 7
Applications uses nothing more than ASP, VBScript.

Any ideas?
Most likely due to some clients having browser cookie handly policies set to
reject even session level cookies.

"sometimes" needs more definition. Do you mean sometimes a client that is
working normally fails? Or do you actually mean some clients just don't
work?

IIS 6? Is the application pool recycling? Anything odd in the event log?
--
Anthony Jones - MVP ASP/ASP.NET
Aug 24 '07 #3
On 24 aug, 16:44, "Anthony Jones" <A...@yadayaday ada.comwrote:
<avdbr...@gmail .comwrote in message

news:11******** *************@g 4g2000hsf.googl egroups.com...


I'm building an application wich should be used by other websites
inside an iFrame. My app stores some sessionvariable s, but sometimes
in IE (6 and 7) IIS seems to restart the session on each pageload. It
does this when I post the page, or request the page, no matter what.
My sessionId is changing, wich prevents me from storing for example a
shoppingcart in the users session.
Weirdest thing is that it works fine in Firefox (never saw a problem),
but in IE it sometimes doesn't work and sometimes it does...
Server is Windows 2003 standard, using IIS
Clients are some different machines running Firefox, IE 6 and IE 7
Applications uses nothing more than ASP, VBScript.
Any ideas?

Most likely due to some clients having browser cookie handly policies set to
reject even session level cookies.

"sometimes" needs more definition. Do you mean sometimes a client that is
working normally fails? Or do you actually mean some clients just don't
work?

IIS 6? Is the application pool recycling? Anything odd in the event log?

--
Anthony Jones - MVP ASP/ASP.NET- Tekst uit oorspronkelijk bericht niet weergeven -

- Tekst uit oorspronkelijk bericht weergeven -
@Bookham
But my session runs inside 1 iFrame, and I do not need to know if the
user is visiting another site with the same iFrame included. I just
want to keep track of my own session, in the current iFrame. What's
the security risk in that case?

@Anthony:
"Sometimes" means that I can use the application normally from time to
time, but sometimes, on the same machine, using the same browser, on
the same internetconnect ion, the application stops to work correctly.
Yes, using IIS6, no application pool recycling an no odd events in the
log.
And again: FireFox works perfectly!

Any other thoughts would be appriciated.

Thanx

Arno

Aug 27 '07 #4
On 27 aug, 12:56, avdbrink <avdbr...@gmail .comwrote:
On 24 aug, 16:44, "Anthony Jones" <A...@yadayaday ada.comwrote:


<avdbr...@gmail .comwrote in message
news:11******** *************@g 4g2000hsf.googl egroups.com...
I'm building an application wich should be used by other websites
inside an iFrame. My app stores some sessionvariable s, but sometimes
in IE (6 and 7) IIS seems to restart the session on each pageload. It
does this when I post the page, or request the page, no matter what.
My sessionId is changing, wich prevents me from storing for example a
shoppingcart in the users session.
Weirdest thing is that it works fine in Firefox (never saw a problem),
but in IE it sometimes doesn't work and sometimes it does...
Server is Windows 2003 standard, using IIS
Clients are some different machines running Firefox, IE 6 and IE 7
Applications uses nothing more than ASP, VBScript.
Any ideas?
Most likely due to some clients having browser cookie handly policies set to
reject even session level cookies.
"sometimes" needs more definition. Do you mean sometimes a client that is
working normally fails? Or do you actually mean some clients just don't
work?
IIS 6? Is the application pool recycling? Anything odd in the event log?
--
Anthony Jones - MVP ASP/ASP.NET- Tekst uit oorspronkelijk bericht niet weergeven -
- Tekst uit oorspronkelijk bericht weergeven -

@Bookham
But my session runs inside 1 iFrame, and I do not need to know if the
user is visiting another site with the same iFrame included. I just
want to keep track of my own session, in the current iFrame. What's
the security risk in that case?

@Anthony:
"Sometimes" means that I can use the application normally from time to
time, but sometimes, on the same machine, using the same browser, on
the same internetconnect ion, the application stops to work correctly.
Yes, using IIS6, no application pool recycling an no odd events in the
log.
And again: FireFox works perfectly!

Any other thoughts would be appriciated.

Thanx

Arno- Tekst uit oorspronkelijk bericht niet weergeven -

- Tekst uit oorspronkelijk bericht weergeven -
Well, thanks for thinking along, but I just found the answer.

It's a IE problem started from IE 6 wich introduced Platform for
Privacy Preferences (P3P) Project. This makes my Iframe content "third
party content" and sets the privacy setting to Medium, silently
rejecting cookies sent from my site.

Adding a custom header to my app telling the brwoser that it's "good"
content solved the problem!

More info: http://support.microso ft.com/default.aspx?sc id=kb;en-us;
323752


Thanks again!

Arno

Aug 28 '07 #5

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

0
2496
by: sean | last post by:
I have an mypage.asp page with a button, one can access this page only if Session("smth") = 1. There is also an empty iframe in this page (src is not specified). When I click the button I will fill the iframe with a page (src = 'another.asp'). For security reasons I check the login session in another.asp and Session("smth") is empty no...
1
2786
by: kambakht | last post by:
I am using an iframe in my index.aspx thus all the webforms in application navigate in this iframe. While main appication links are present on the top of page above iframe, in main window. These links have target=myiFrame, thus opening respective pages in iFrame. I have put the session timeout period on each page so if some user remains...
1
8085
by: kambakht | last post by:
I am using an iframe in my index.aspx thus all the webforms in application navigate in this iframe. While main appication links are present on the top of page above iframe, in main window. These links have target=myiFrame, thus opening respective pages in iFrame. I have put the session timeout period on each page so if some user remains...
1
19234
by: zzzbla | last post by:
Hello, I have a project in which I'm trying to embed one site, that uses session stored variables, inside an IFRAME in another site (which for that matter doesn't even use sessions). Problem is, that it doesn't always save the session. When I try to access it from some computers, I have no problem, the session variable is stored and I...
0
1719
by: shwaqar82 | last post by:
Do any one knows how to get session id from iframe source link or by creating webrequest. Any help or piece of coding or recommended book will be appreciable Best Regards Shaukat Waqar
0
1711
by: spolsky | last post by:
hi, i have the following pages. when form submitted with the field1 value is "ok" then the iframe must be loaded with the text "Page loaded...". This works fine with IE 6 and FireFox(1.5) but Opera (9.01) does not refresh the iframe but loads the page for iframe from the cache. If DisableCaching() function used which disables all kind of...
1
7969
by: spolsky | last post by:
hi, i have the following pages. when form submitted with the field1 value is "ok" then the iframe must be loaded with the text "Page loaded...". This works fine with IE 6 and FireFox(1.5) but Opera (9.01) does not refresh the iframe and loads the page for iframe from the cache, so refreshing the page gets the iframe refreshed with the new...
6
1583
by: Maspr | last post by:
I am trying to build a mixed site of ASP and ASP.NET. I am having trouble keeping the ASP session from timing out when using just the ASP.NET pages. The ASP.NET pages has a Master Page with an iFrame that loads an ASP page, however this is not keeping ASP from timing out. Does anyone know how to work around this?
3
1661
prabunewindia
by: prabunewindia | last post by:
Hi, for my project, i am using session to store the user's information like userid, username... Also i am storing the dataset, which is having the datas for the particular user to avoid trip to database always. Unfortunately this is a big dataset... so once the dataset stored into session, the browsing system gets slow(bcoz its taking more...
0
7615
marktang
by: marktang | last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main...
0
7539
by: Hystou | last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it. First, let's disable language...
0
7819
Oralloy
by: Oralloy | last post by:
Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed. This is as boiled down as I can make it. ...
1
7581
by: Hystou | last post by:
Overview: Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For...
0
6170
agi2029
by: agi2029 | last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then...
1
5446
isladogs
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules. He will explain when you may want to use classes...
0
5165
by: conductexam | last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one. At the time of converting from word file to html my equations which are in the word document file was convert...
0
3589
by: TSSRALBI | last post by:
Hello I'm a network technician in training and I need your help. I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs. The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols. I succeeded, with both firewalls in...
1
1149
muto222
by: muto222 | last post by:
How can i add a mobile payment intergratation into php mysql website.

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.