Jump to content

[SOLVED] php running inside an iframe and session data and IE


Recommended Posts

I have a php app running inside an iframe.

I pass a piece of info to this iframe through http parameters, php gets it and then set it in the session.  However, the session data is lost when I read it from another php page within the same php application.

 

index.php which resides in an iframe

	session_start();

	$_SESSION['mydata']=$_POST['mydata'];  // ok

 

another.page that I later invoke

error_log(print_r($_SESSION,1)); //nothing!

 

this weirdness only happens on IE.  and if I refresh the iframe again, the session data will be available.  any idea?

thanks

 

On the other page are you calling session_start?

 

yes I am. Here's the complete code:

 

index.php

session_start();
$_SESSION['mydata']=$_POST['mydata'];  // ok
session_write_close(); //ensures that I dont lock the session for too long

another php page I invoke later

session_start();
error_log(print_r($_SESSION,1)); //nothing in the session array!

 

also the html file that has the iframe is hosted by a different domain than the phps.  They are both hosted on the same machine however.  The problem only occurs on IE. 

 

solution according to

hbertini at sapo dot pt

13-Mar-2005 03:29

 

workaround when using session variables in a .php file referred by a frame (.html, or other file type) at a different server than the one serving the .php:

 

Under these conditions IE6 or later silently refuses the session cookie that is attempted to create (either implicitly or explicitly by invoquing session_start()).

 

As a consequence, your session variable will return an empty value.

 

According to MS kb, the workaround is to add a header that says your remote .php page will not abuse from the fact that permission has been granted.

 

Place this header on the .php file that will create/update the session variables you want:

 

<?php header('P3P: CP="CAO PSA OUR"'); ?>

 

Regards,

Hugo

 

http://us.php.net/function.session-start

 

 

  • 5 years later...

I know you guys are much older now. Still, I want to appreciate your answer. By the way, I found that I need

<?php header('P3P: CP="CAO PSA OUR"'); ?> to read the session data, as well.

 

Brian

Edited by brianko
  • 7 months later...

As a bit of extra info on the topic, for others:

 

@brianko: That's quite obvious. If the session ID can't be read from the cookie (implying cookie usage), the session can't be continued thus you can't access the session data.

 

The safest thing to do is to have this header sent along whenever, even if you're not in an frame or iframe.

 

Only thing I find strange is that ONLY microsoft has this weird safety built into their browser and, assuming, no other browser vendors have this.

 

Cheers!

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.