IE 11 first-party session cookies being lost in iframe

渐次进展 2020-12-12 15:26

We have a site (www.example.com) which sends users off to a series of third party pages to verify payment details, which we do in an iframe. Initially, a local page from www

4 answers
  • 2020-12-12 16:00

    We encountered a similar problem with Internet Explorer 11 where the session cookie went missing after a redirect over https.

    The request chain looked something like this:

    initial request to / -> session cookie set -> redirect to an external URL -> redirect back (session cookie lost)

    Our problem was due to an invalid host name according to RFC 952: we had underscores in our test server URL. It seems that Internet Explorer silently drops the session cookie on redirect over https if the URL does not conform to RFC 952. When using dashes instead of underscores, everything worked as expected.

    The original solution was found in the Update 2 section of this asp.net blog post from 2004. Related Microsoft bug ticket here.

    Hopefully this will help someone.

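The host-name rule described in the answer above can be checked before a test or staging URL goes into a redirect chain. This is an added example, not code from the original post; the function names and sample URLs are constructed for illustration, and the label rules are those of RFC 952 as relaxed by RFC 1123 (which permits a leading digit).

```javascript
// Added example (not from the original answer). All URLs are constructed samples.
// A label may contain letters, digits and hyphens, must not start or end
// with a hyphen, and is 1 to 63 characters long (RFC 952 as relaxed by RFC 1123).
const LABEL = /^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$/i;

// Returns a list of human-readable problems; an empty list means the name conforms.
function hostnameProblems(hostname) {
  if (hostname.startsWith("[")) return []; // IPv6 literal, not a host name
  const host = hostname.replace(/\.$/, ""); // tolerate one trailing root dot
  if (host.length === 0 || host.length > 253) {
    return ["host name must be 1 to 253 characters long"];
  }
  const problems = [];
  for (const label of host.split(".")) {
    if (label.length === 0) problems.push("empty label");
    else if (label.length > 63) problems.push(`label longer than 63 characters: ${label}`);
    else if (label.includes("_")) problems.push(`underscore in label: ${label}`);
    else if (!LABEL.test(label)) problems.push(`invalid label: ${label}`);
  }
  return problems;
}

// Checks the host of every URL in a redirect chain and returns only the offenders.
function auditRedirectChain(urls) {
  return urls
    .map((url) => {
      const hostname = new URL(url).hostname; // lower-cased by the URL parser
      return { url, hostname, problems: hostnameProblems(hostname) };
    })
    .filter((entry) => entry.problems.length > 0);
}

// Constructed chain modelled on the one in the answer:
// own site -> external site -> back to own site.
const sampleChain = [
  "https://test_server.example.com/",
  "https://payments.example.net/verify",
  "https://test_server.example.com/return",
  "https://test-server.example.com/return",
];

for (const { url, problems } of auditRedirectChain(sampleChain)) {
  console.log(`${url}: ${problems.join("; ")}`);
}
```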
  • 2020-12-12 16:11

    I have the same issue that is mentioned on this topic.

    Our site is placed in an iframe and uses a session cookie (asp.net_session). While navigating within the site there is no problem (cookies are working and attached to the request headers). But when we redirect the customer to another website (othersite.com), and othersite.com then redirects the customer to our domain and forces it to open as "_top", the browser doesn't send the cookies with the requests, so we lose the customer's session. This problem only occurred on IE.

    What can you advise to fix this problem?

  • 2020-12-12 16:13

    I have noticed session cookies are often lost when IE7 compatibility mode is engaged for a new page. I suppose the same could apply to the iframe. Is the iframe sending an X-UA-Compatible header value that is different than the parent page, or different than earlier in the session? Like maybe your session started with IE=edge, and the iframe page sets it to IE=7. If so, IE seems to spin up a new IE PID for the compatibility mode pages and session cookies often (but it seems don't get transferred.

  • 2020-12-12 16:16

    Check your Internet Options in IE11. Tools > Internet Options > Privacy > Advanced

    Maybe you should override that and enable "Always allow session cookies".
