469,337 Members | 6,011 Online
Bytes | Developer Community
New Post

Home Posts Topics Members FAQ

Post your question to a community of 469,337 developers. It's quick & easy.

Session eset while browsing in an IFrame

I'm building an application wich should be used by other websites
inside an iFrame. My app stores some sessionvariables, but sometimes
in IE (6 and 7) IIS seems to restart the session on each pageload. It
does this when I post the page, or request the page, no matter what.
My sessionId is changing, wich prevents me from storing for example a
shoppingcart in the users session.

Weirdest thing is that it works fine in Firefox (never saw a problem),
but in IE it sometimes doesn't work and sometimes it does...

Server is Windows 2003 standard, using IIS
Clients are some different machines running Firefox, IE 6 and IE 7
Applications uses nothing more than ASP, VBScript.

Any ideas?

Thanx in advance!

Arno

Aug 21 '07 #1
4 4760

<av******@gmail.comwrote in message
news:11*********************@g4g2000hsf.googlegrou ps.com...
I'm building an application wich should be used by other websites
inside an iFrame. My app stores some sessionvariables, but sometimes
in IE (6 and 7) IIS seems to restart the session on each pageload. It
does this when I post the page, or request the page, no matter what.
My sessionId is changing, wich prevents me from storing for example a
shoppingcart in the users session.

Weirdest thing is that it works fine in Firefox (never saw a problem),
but in IE it sometimes doesn't work and sometimes it does...

Server is Windows 2003 standard, using IIS
Clients are some different machines running Firefox, IE 6 and IE 7
Applications uses nothing more than ASP, VBScript.

Any ideas?

Thanx in advance!

Arno
IE will consider your ASP Session Cookies as "3rd Party" and based on
privacy settings will block them.

Say someone goes to two different websites, both of which host your IFrame
page. Well with a bit of tracking you could know that the person had
visited each website. This is a breach of the persons privacy. If they go
to website A and then B, it is none of your business, or at least thats what
M$ think. Consider the implications of advertising networks AdTech,
DoubleClick etc. They could know you search Amazon and eBay for a d*ldo so
would tailor ads on other sites for you accordingly.
Aug 23 '07 #2
<av******@gmail.comwrote in message
news:11*********************@g4g2000hsf.googlegrou ps.com...
I'm building an application wich should be used by other websites
inside an iFrame. My app stores some sessionvariables, but sometimes
in IE (6 and 7) IIS seems to restart the session on each pageload. It
does this when I post the page, or request the page, no matter what.
My sessionId is changing, wich prevents me from storing for example a
shoppingcart in the users session.

Weirdest thing is that it works fine in Firefox (never saw a problem),
but in IE it sometimes doesn't work and sometimes it does...

Server is Windows 2003 standard, using IIS
Clients are some different machines running Firefox, IE 6 and IE 7
Applications uses nothing more than ASP, VBScript.

Any ideas?
Most likely due to some clients having browser cookie handly policies set to
reject even session level cookies.

"sometimes" needs more definition. Do you mean sometimes a client that is
working normally fails? Or do you actually mean some clients just don't
work?

IIS 6? Is the application pool recycling? Anything odd in the event log?
--
Anthony Jones - MVP ASP/ASP.NET
Aug 24 '07 #3
On 24 aug, 16:44, "Anthony Jones" <A...@yadayadayada.comwrote:
<avdbr...@gmail.comwrote in message

news:11*********************@g4g2000hsf.googlegrou ps.com...


I'm building an application wich should be used by other websites
inside an iFrame. My app stores some sessionvariables, but sometimes
in IE (6 and 7) IIS seems to restart the session on each pageload. It
does this when I post the page, or request the page, no matter what.
My sessionId is changing, wich prevents me from storing for example a
shoppingcart in the users session.
Weirdest thing is that it works fine in Firefox (never saw a problem),
but in IE it sometimes doesn't work and sometimes it does...
Server is Windows 2003 standard, using IIS
Clients are some different machines running Firefox, IE 6 and IE 7
Applications uses nothing more than ASP, VBScript.
Any ideas?

Most likely due to some clients having browser cookie handly policies set to
reject even session level cookies.

"sometimes" needs more definition. Do you mean sometimes a client that is
working normally fails? Or do you actually mean some clients just don't
work?

IIS 6? Is the application pool recycling? Anything odd in the event log?

--
Anthony Jones - MVP ASP/ASP.NET- Tekst uit oorspronkelijk bericht niet weergeven -

- Tekst uit oorspronkelijk bericht weergeven -
@Bookham
But my session runs inside 1 iFrame, and I do not need to know if the
user is visiting another site with the same iFrame included. I just
want to keep track of my own session, in the current iFrame. What's
the security risk in that case?

@Anthony:
"Sometimes" means that I can use the application normally from time to
time, but sometimes, on the same machine, using the same browser, on
the same internetconnection, the application stops to work correctly.
Yes, using IIS6, no application pool recycling an no odd events in the
log.
And again: FireFox works perfectly!

Any other thoughts would be appriciated.

Thanx

Arno

Aug 27 '07 #4
On 27 aug, 12:56, avdbrink <avdbr...@gmail.comwrote:
On 24 aug, 16:44, "Anthony Jones" <A...@yadayadayada.comwrote:


<avdbr...@gmail.comwrote in message
news:11*********************@g4g2000hsf.googlegrou ps.com...
I'm building an application wich should be used by other websites
inside an iFrame. My app stores some sessionvariables, but sometimes
in IE (6 and 7) IIS seems to restart the session on each pageload. It
does this when I post the page, or request the page, no matter what.
My sessionId is changing, wich prevents me from storing for example a
shoppingcart in the users session.
Weirdest thing is that it works fine in Firefox (never saw a problem),
but in IE it sometimes doesn't work and sometimes it does...
Server is Windows 2003 standard, using IIS
Clients are some different machines running Firefox, IE 6 and IE 7
Applications uses nothing more than ASP, VBScript.
Any ideas?
Most likely due to some clients having browser cookie handly policies set to
reject even session level cookies.
"sometimes" needs more definition. Do you mean sometimes a client that is
working normally fails? Or do you actually mean some clients just don't
work?
IIS 6? Is the application pool recycling? Anything odd in the event log?
--
Anthony Jones - MVP ASP/ASP.NET- Tekst uit oorspronkelijk bericht niet weergeven -
- Tekst uit oorspronkelijk bericht weergeven -

@Bookham
But my session runs inside 1 iFrame, and I do not need to know if the
user is visiting another site with the same iFrame included. I just
want to keep track of my own session, in the current iFrame. What's
the security risk in that case?

@Anthony:
"Sometimes" means that I can use the application normally from time to
time, but sometimes, on the same machine, using the same browser, on
the same internetconnection, the application stops to work correctly.
Yes, using IIS6, no application pool recycling an no odd events in the
log.
And again: FireFox works perfectly!

Any other thoughts would be appriciated.

Thanx

Arno- Tekst uit oorspronkelijk bericht niet weergeven -

- Tekst uit oorspronkelijk bericht weergeven -
Well, thanks for thinking along, but I just found the answer.

It's a IE problem started from IE 6 wich introduced Platform for
Privacy Preferences (P3P) Project. This makes my Iframe content "third
party content" and sets the privacy setting to Medium, silently
rejecting cookies sent from my site.

Adding a custom header to my app telling the brwoser that it's "good"
content solved the problem!

More info: http://support.microsoft.com/default.aspx?scid=kb;en-us;
323752


Thanks again!

Arno

Aug 28 '07 #5

This discussion thread is closed

Replies have been disabled for this discussion.

Similar topics

reply views Thread by sean | last post: by
1 post views Thread by zzzbla | last post: by
reply views Thread by shwaqar82 | last post: by
reply views Thread by spolsky | last post: by
1 post views Thread by spolsky | last post: by
6 posts views Thread by Maspr | last post: by
1 post views Thread by CARIGAR | last post: by
reply views Thread by suresh191 | last post: by
1 post views Thread by Marylou17 | last post: by
1 post views Thread by Marylou17 | last post: by
By using this site, you agree to our Privacy Policy and Terms of Use.