Session Lost in iFrame (P3P Issue)

Problem: If you have iFrame or multiple frameset in your ASP.NET page, session is lost in the child frame.

Session ID: If you use Response.Write to show the Session.SessionID of your page, you'd notice that it's actually changing on every postback.

Cause: Due to the browser and Platform for Privacy Preferences (P3P) natures, the child frame will be considered as third party site if the top level domain is different between the parent and child frame. Therefore, default privacy settings of IE (medium) will be used and reject any cookies sent from the third party site (that is your child frame).

Solution: Apart from altering the settings in IE (which may not be possible due to client company security reason as in my case), the easiest solution is to add a header to the base page and acknowledge it can trusted to the parent site.

For example,

    public class BasePage : System.Web.UI.Page
    {
        public BasePage() {}

        protected override void OnInit(EventArgs e)
        {
            Response.AddHeader("p3p", "CP=\"IDC DSP COR ADM DEVi TATi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"");
        }
    }

References:

Published Wednesday, October 13, 2010 1:15 PM by Colt

Filed under: ASP.NET

Comments

# re: Session Lost in iFrame (P3P Issue)

This is because by default session is cookie based. Cookie from iframe is regarded as third party cookie and not allowed.

1. Just add a header will solve your problem on certain browser, but not enough for other scenarios, eg. ie 8 on windows 7.

2. Implement P3P policy properly by having policly file will solve problem on most of browsers but not safari. Safari says P3P is out of date, so when they build the browser, they did not consider it.

3. We eventually have to go cookieless session, that works. Price to pay is sessionid showing in address, also, ajax call is affected, since even calling local web service, will have sessonid embedded.

Monday, October 25, 2010 8:29 AM by 刘壮

# re: Session Lost in iFrame (P3P Issue)

nore igrace <a href=www.vsezasport.si/.../kompresijska-oblacila>Kompresijska oblacila</a> za sprostitev.

Friday, November 18, 2011 7:05 PM by dolenco

# re: Session Lost in iFrame (P3P Issue)

vb code vinodkotiya.blogspot.com/.../aspnet-with-php-session-lost-in-iframe.html

Wednesday, December 07, 2011 11:31 PM by vinodkotiya

# re: Session Lost in iFrame (P3P Issue)

check here as well:

www.codeproject.com/.../Frames-Sessions-and-P3P

Monday, August 20, 2012 4:11 AM by Tim

# re: Session Lost in iFrame (P3P Issue)

It is not pleasant to me.

Monday, September 24, 2012 10:24 AM by icons collection

# re: Session Lost in iFrame (P3P Issue)

<a href="www.777icons.com/.../no.htm"> There are also other lacks</a>

Monday, October 08, 2012 11:12 PM by icons package

# re: Session Lost in iFrame (P3P Issue)

Youre so cool! I dont suppose Ive learn anything like this before. So good to search out any individual with some authentic thoughts on this subject. realy thanks for starting this up. this website is something that's needed on the internet, someone with just a little originality. helpful job for bringing something new to the web!

Saturday, May 18, 2013 1:46 AM by sswobjip@gmail.com

Title (required)
Name (required)
Your URL (optional)
Comments (required)
Remember Me?

Colt Kwong Blog

This Blog

Syndication

Search

Tags

News

Navigation

Archives

My Articles

My Blogroll

My Books

My Email List

My Self

My ToolBox