ASP.Net with PHP : Session lost in iframe accessing php page P3P Issue
ASP.Net with PHP : Session lost in iframe accessing php page
Problem: If you have iFrame or multiple frameset in your ASP.NET page, session is lost in the child frame. I have a php app running inside an iframe on an aspx webpage.
I pass a piece of info to this iframe through http parameters, php gets it and then set it in the session. However, the session data is lost when I click submit button and postback occur in child frame . within the same php application works fine if i do not use iframe.
ifdisplay.Attributes("src") = "http://191.254.1.42/cmg/upload.php?folder=" & destfolder & "&type=" & ddlType.SelectedValue & "&date=" & txtDate.Text & "&sub=" & txtSub.Text & "&eid=" & Session("eid").ToString & "-" & Request.UserHostAddress.ToString & "&uploadtype=" & Session("uploadtype")
ifdisplay.Visible = True
ModalPopupExtender1.Show()
Cause: Due to the browser and Platform for Privacy Preferences (P3P) natures, the child frame will be considered as third party site if the top level domain is different between the parent and child frame. Therefore, default privacy settings of IE (medium) will be used and reject any cookies sent from the third party site (that is your child frame).
Solution: Apart from altering the settings in IE (which may not be possible due to change at every client), the easiest solution is to add a header to the base page and acknowledge it can trusted to the parent site.
Note: (If your parent (aspx) and child(php) are in two different platform then put the required code for p3p setting seperately at top of the code)
Add this line (In my case in parent aspx page)
// you can also put it in page_init
Protected Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Load
If Not Page.IsPostBack Then
Response.AddHeader("p3p", "CP=" & Chr(34) & "IDC DSP COR ADM DEVi TATi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" & Chr(34))
And in child PHP page
<?php header("p3p: CP=\"ALL DSP COR PSAa PSDa OUR NOR ONL UNI COM NAV\"");?>
Problem: If you have iFrame or multiple frameset in your ASP.NET page, session is lost in the child frame. I have a php app running inside an iframe on an aspx webpage.
I pass a piece of info to this iframe through http parameters, php gets it and then set it in the session. However, the session data is lost when I click submit button and postback occur in child frame . within the same php application works fine if i do not use iframe.
ifdisplay.Attributes("src") = "http://191.254.1.42/cmg/upload.php?folder=" & destfolder & "&type=" & ddlType.SelectedValue & "&date=" & txtDate.Text & "&sub=" & txtSub.Text & "&eid=" & Session("eid").ToString & "-" & Request.UserHostAddress.ToString & "&uploadtype=" & Session("uploadtype")
ifdisplay.Visible = True
ModalPopupExtender1.Show()
Cause: Due to the browser and Platform for Privacy Preferences (P3P) natures, the child frame will be considered as third party site if the top level domain is different between the parent and child frame. Therefore, default privacy settings of IE (medium) will be used and reject any cookies sent from the third party site (that is your child frame).
Solution: Apart from altering the settings in IE (which may not be possible due to change at every client), the easiest solution is to add a header to the base page and acknowledge it can trusted to the parent site.
Note: (If your parent (aspx) and child(php) are in two different platform then put the required code for p3p setting seperately at top of the code)
Add this line (In my case in parent aspx page)
// you can also put it in page_init
Protected Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Load
If Not Page.IsPostBack Then
Response.AddHeader("p3p", "CP=" & Chr(34) & "IDC DSP COR ADM DEVi TATi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" & Chr(34))
End If
End Sub
And in child PHP page
<?php header("p3p: CP=\"ALL DSP COR PSAa PSDa OUR NOR ONL UNI COM NAV\"");?>
- Vinod Kotiya
Comments