Mariusz, Gorzoch tech Blog

Session state and cross domain IFrame problem

with one comment

Today I encounter strange behavior and really stuck for one day with work as I was completely lost what is the problem. In general I’ve create application with was going to be exposed in our external IIS server inside IFrame object:

So, the application surrounding IFrame was build be someone else and was placed in different domain then main application and was complete out of my control. In first place, when I was testing my application outside of IFrame object – everything works perfectly fine. Then when I moved it to IFrame, everything stooped to work. As I mentioned on the beginning I was looking for the solution on that, and found that it helps if I open my application outside of IFrame in second browser and if I will get back to the IFrame version of the application – then everything looks fine.

… on the end I found reason of the problem …

The problem was that I wasn’t aware that if you are placing your application inside IFrame and if the hosting application is placed in different domain then yours application then you will not have access to cookies, and by this each time you make a post back, then the session will get new ID, which will of course crash application (as it was depend on the session state). To correct this I need to tweak-up my web.config to stop using cookies for storing session ID and instead of that use URL to do so. In case of framework 2.0 this can be done by adding this section:

    <sessionState cookieless="true" mode="InProc"></sessionState>

if you will go for this, then you tell IIS engine to not use cookies and store Session ID in the URL send back and forth to the users. In my case this solve the problem.

here is an overview of this section on msdn : http://msdn.microsoft.com/en-us/library/h6bb9cz9.aspx


Written by Mariusz Gorzoch

2 October 2009 at 14:18

Posted in Bez kategorii

One Response

Subscribe to comments with RSS.

  1. […] Anyways, my coworker was insisting that he wasn’t using cookies so the solution won’t make a difference anyways. The site was done in Asp.net web forms and he was using session state, which was stored on the server.  A quick google of “asp.net session state cookies” and Asp.net session state does indeed use cookies. A little more googling and this site gives a great description of the problem and solution. […]

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: