How can I continue a session in an iframe?

Question

How can I continue a session in an iframe?

Suppose I have a web application that I want to embed in any other site using an iframe. Iframe links to my site and works regardless of the hosting web page.

Well, the browser considers the iframe to be a third-party site, so its session cookie is considered a third-party cookie. There are some ways to make browsers happy (such as the P3P header), but it is still possible that the user would completely disable third-party cookies. If so, then the session cookie cannot be stored in the iframe.

What are some good methods to save a session in an iframe on a third party site?

+4

security browser cookies session iframe

spoulson May 27 '09 at 19:11

source share

2 answers

I had a similar problem. There is a temporary solution (it will not work if you intend to monitor user behavior on sites).

I am. Place a Persian persistent cookie in the domain where your iframe will be placed. (This can be done using JavaScript).

II. Insert an iframe dynamically and pass the cookie value to your website.

III. If you intend to monitor user behavior on different sites, change the code above to use third-party cookies when the browser permits, otherwise you can use the above approach.

I have not come across any other way around this. If you find a more acceptable solution, let me know.

+4

rAm Jun 04 '09 at 11:30

source share

spoulson · Accepted Answer · 2009-06-04T12:10:49+0000

I intend to keep track of the session inside the iframe, so that clicks and reloads keep state. There is no need to bind sessions between the iframe and the hosting site.

The best I could come up with is cookieless sessions. This is a little manual, but with this site running PHP, I just need to make sure that querystring always contains " PHPSESSID=x " and it automatically joins this session identifier.

How can I continue a session in an iframe?

More articles: