5

I have an aspx page with a listbox control. The listbox is populated from a collection that is retrieved from a service when the page loads. When the user selects an item from the listbox the page posts back, adding the retrieved objects to the session before reloading. On the reload I use the session objects instead of having to call the service again.

This all works fine until I access the page from within an iFrame. The Session objects are not retrieved when the page is in an iFrame (Session["blah"] is null). This code works perfectly when the page is not in an iFrame.

I am using IIS7 and windows server 2008. Is there anything I need to do in ISS to allow Session variables to be used in an iFrame? Does anyone know of anything else that may cause this to happen?

Thanks, Neil

Neil
  • 2,488
  • 7
  • 30
  • 53
  • DO you have this problem in all browser or only IE? – Ivo Jun 16 '11 at 07:58
  • Are you posting back inside the frame. Or are you posting back the container page? If it is the latter it won't have knowledge of the changes the user made to the page in the frame. – Colin Mackay Jun 16 '11 at 07:59
  • No the iFrame doesn't have any knowledge of the parent page, nor does it need it. The parent page is just for navigation. I am only using IE as it is a page in Dynamics CRM 2011 which only works with IE, so I can't really test it with other browsers. I will attempt to create a basic html page with an iFrame and see if the same issue happens in IE and other browsers – Neil Jun 16 '11 at 08:06
  • 1
    Actually never mind, I just cleared out the files in `C:\Windows\Microsoft.NET\Framework64\v2.0.50727\Temporary ASP.NET Files\` and restarted IIS and it was all working. – Neil Jun 16 '11 at 08:15
  • 1
    @neil: consider to create an answer with these informations, so that this question could be accepted and closed and others might benefit from your solution. – Tim Schmelter Jun 16 '11 at 09:05
  • @Tim Schmelter: I tried adding that as an answer when I first came across the solution but stackoverflow makes me wait 8 hours before I can answer my own question.... – Neil Jun 23 '11 at 08:49

4 Answers4

10

IE gives lower level of trust to 3rd party content loaded in an iframe. This blocks session cookies.

You can solve this by setting a P3P header in IIS:

Name = p3p
Value = CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"

IIS settings P3P response headers

See Also

Community
  • 1
  • 1
mika
  • 6,404
  • 2
  • 33
  • 38
5

In my case, the project was .net framework 4.6.1. I've upgraded to 4.7.2 version and added the key below to the web.config 

<system.web>
    <sessionState cookieSameSite="None"/>

This way third party Iframe sessions starts working.

Before you do this change, it's better to read this https://docs.microsoft.com/en-us/aspnet/samesite/system-web-samesite

Burak Altin
  • 356
  • 5
  • 6
  • 1
    Thank you so much for this answer. This answer solved my problem. – Farid Imranov Feb 17 '20 at 08:25
  • Thank you ! It worked for me when I deployed website on Azure using Target .NET version 4.8. Did not work on my QA server which used old Windows 2009 R2. – Gags Apr 20 '21 at 08:15
4

Actually never mind, I just cleared out the files in C:\Windows\Microsoft.NET\Framework64\v2.0.50727\Temporary ASP.NET Files and restarted IIS and it was all working

Neil
  • 2,488
  • 7
  • 30
  • 53
  • Exactly what I just did.. .amazingly bad caching control in ASP.net, WHY does this thing not expire code itself I just wonder... WHY Microsoft. – BerggreenDK Jan 14 '13 at 16:02
-4

To enable sessions in iFrames: InterNet Options -> Privacy -> Advanced -> Check "Always Allows Session Cookies"

JJJ
  • 31,545
  • 20
  • 84
  • 99
user7071710
  • 1