[Zope] sessions in an iframe

henk laloli ticino at hccnet.nl
Tue Jun 13 06:13:04 EDT 2006


Dieter Maurer wrote:
 > henk laloli wrote at 2006-6-12 09:46 +0200:
 >> ...
 >> The problem does not occur in IE when the page is used on its own, only
 >> when it is used in an iframe. The question then is: can it be that IE
 >> restricts the session behaviour in this situation? How can I solve it?
 >
 > IE has nothing to do with the session behaviour directly.
 >
 >   Session handling is a server side thing and IE is doing
 >   client side staff.
 >
 > However, IE needs to pass on the session id. Usually, the session id
 > is managed in a cookie. It might be that IE does not pass the cookie
 > into the "iframe".
 >
 > Please read the "cookie spec" (on the Netscape site) to check
 > whether IE should pass the cookie (this can be controlled
 > by the "path" and "domain" parameters when the cookie is created).
 >
 > If it should, check the IE bug reports for potential cookie problems
 > related to "iframe"s.

Thanks, Dieter, your comments make me realize the problem clearer.
The iframe's domain name does not conform to that of the parent window. 
So, it will not pass that test. As far as IE is concerned it is a third 
party cookie and many IE browsers clients will block it. There is no 
elegant solution to this. Asking the user to change the privacy settings 
would be an option. Storing the query string in the parent window would 
be another solution.

-- 
Henk Laloli





More information about the Zope mailing list