Solved

IE and Ajax cookies

Posted on 2014-10-22
11
266 Views
Last Modified: 2014-11-01
I'm running into a problem with IE, not sending PHP session cookies in its AJAX calls within an iframe within the same site.

To elaborate:

I have a web application, running via https, where most of the application takes place within an iframe.

When IE users log in, the code sends a PHP session cookie.  Then, whenever I do an AJAX call within the application itself, from the iframe, the AJAX call doesn't send back the session cookie.

As I mentioned, the site is running via https, and the domain should be listed as a trusted internet zone.

I've tried having the session cookie be re-set within the iframe, and I've added a P3P privacy policy:

header('P3P: CP="NOI ADM DEV COM NAV OUR STP"');

I've seen the problem described on these StackOverflow posts:

https://stackoverflow.com/questions/15856886/ajax-on-ie10-dont-send-cookies

https://stackoverflow.com/questions/389456/cookie-blocked-not-saved-in-iframe-in-internet-explorer

Any way I can get IE to start saving and sending back the session cookies?

BTW: I don't have any issues with Chrome, Firefox, Safari, Mobile devices, etc.
0
Comment
Question by:hdcowboyaz
  • 6
  • 5
11 Comments
 
LVL 58

Expert Comment

by:Gary
ID: 40398510
This is a cookie set within the parent window and not within the iframe?
What is the url for the Parent window and what is the url for iFrame window?
IE is a bit more strict about cross domain policy (and does screw up) so if there is any difference between the two urls then it won't work.
0
 

Author Comment

by:hdcowboyaz
ID: 40403339
I've tried setting the cookie in the parent and in the iframe both.

My application changes the iframe source (via javascript) whenever
people take various actions but the iframe initially loads a script that
re-sets the session cookie to have the same as the parent window.

The iframe should match the domain of the parent window, too, because I
specify it using a relative URL.

Should I manually specify the full URL in the iframe, like
https://mydomain.com/setcookie.php ?
0
 
LVL 58

Expert Comment

by:Gary
ID: 40403347
Still didn't answer my questions...
Is the domain changing?
If you are already using ajax then why use an iframe at all, get rid of the iframe and just use ajax
0
 

Author Comment

by:hdcowboyaz
ID: 40403437
I'm using the iframe because that's how I'm keeping the menu from
reloading on every single page load...

The domain isn't changing, or shouldn't be, it isn't coded to anywhere...
0
 
LVL 58

Expert Comment

by:Gary
ID: 40403486
menu from  reloading on every single page load
That's a very 80/90's mentality
0
Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

 

Author Comment

by:hdcowboyaz
ID: 40403490
Are you dissing on me or trying to help me?
0
 
LVL 58

Expert Comment

by:Gary
ID: 40403502
Am I dissing you - yes a bit, but not personally

Keeping a static menu that loads pages in a frame is very 90's when the average internet speed was about 28kb's and there was a (MS inspired) reason for doing it (using frames)

These days the average internet speed is at least 1Mb (myself I am on 150Mb) - loading web pages in a frame to make the website faster achieves nothing but heartache for the owner and annoyance for the user who cannot bookmark pages for example

You are already using ajax, so you are using 90's technology with 21st technology to achieve a 90's look
0
 

Author Comment

by:hdcowboyaz
ID: 40403506
So what is the answer? Or enlighten way to do it?
0
 
LVL 58

Expert Comment

by:Gary
ID: 40404380
Just use ajax instead of the iframe
0
 

Author Comment

by:hdcowboyaz
ID: 40407126
Are you interested in a project?
0
 
LVL 58

Accepted Solution

by:
Gary earned 500 total points
ID: 40407620
Depends on the project and what's involved - I'm quite busy at the moment.
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

Suggested Solutions

Have you tried to learn about Unicode, UTF-8, and multibyte text encoding and all the articles are just too "academic" or too technical? This article aims to make the whole topic easy for just about anyone to understand.
It’s a strangely common occurrence that when you send someone their login details for a system, they can’t get in. This article will help you understand why it happens, and what you can do about it.
The viewer will learn how to look for a specific file type in a local or remote server directory using PHP.
Learn how to set-up PayPal payment integration in your Wufoo form. Allow your users to remit payment through PayPal upon completion of your online form. This is helpful for collecting membership payments, customer payments, donations, and more.

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now