
[SOLVED] php running inside an iframe and session data and IE


topcoder1


I have a php app running inside an iframe.

I pass a piece of info to this iframe through HTTP parameters; PHP gets it and then sets it in the session.  However, the session data is lost when I read it from another PHP page within the same PHP application.

 

index.php which resides in an iframe

	session_start();

	$_SESSION['mydata']=$_POST['mydata'];  // ok

 

another.page that I later invoke

error_log(print_r($_SESSION,1)); //nothing!

 

This weirdness only happens on IE, and if I refresh the iframe again, the session data will be available. Any idea?

thanks

 

On the other page are you calling session_start?

 

yes I am. Here's the complete code:

 

index.php

session_start();
$_SESSION['mydata']=$_POST['mydata'];  // ok
session_write_close(); //ensures that I dont lock the session for too long

another php page I invoke later

session_start();
error_log(print_r($_SESSION,1)); //nothing in the session array!

 

Also, the HTML file that has the iframe is hosted by a different domain than the PHP files. They are both hosted on the same machine, however. The problem only occurs on IE.

 

solution according to

hbertini at sapo dot pt

13-Mar-2005 03:29

 

workaround when using session variables in a .php file referred by a frame (.html, or other file type) at a different server than the one serving the .php:

 

Under these conditions IE6 or later silently refuses the session cookie that the page attempts to create (either implicitly or explicitly by invoking session_start()).

 

As a consequence, your session variable will return an empty value.

 

According to the MS KB, the workaround is to add a header that says your remote .php page will not abuse the fact that permission has been granted.

 

Place this header on the .php file that will create/update the session variables you want:

 

<?php header('P3P: CP="CAO PSA OUR"'); ?>

 

Regards,

Hugo

 

http://us.php.net/function.session-start
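The silent cookie refusal described above can be confirmed from the server side. The following is an added example, not code from the thread or from php.net: it sends the P3P header quoted in the post and then checks on a second request whether the browser actually returned the session cookie. The file name cookie_probe.php, the `probe` query parameter and the `probe` session key are assumptions made for illustration.

```php
<?php
// cookie_probe.php (hypothetical file name): load this inside the cross-domain iframe.
// Added example: verifies that the session cookie survives a round trip.

// True only if the browser sent the session cookie back AND it maps to the
// session that stored the marker on the first request.
function session_cookie_accepted(): bool
{
    return isset($_COOKIE[session_name()], $_SESSION['probe'])
        && hash_equals($_SESSION['probe'], session_id());
}

// Must be sent before session_start() emits Set-Cookie.
// The value is the one quoted in the post above.
header('P3P: CP="CAO PSA OUR"');
session_start();

if (!isset($_GET['probe'])) {
    // First request: store a marker, then reload so the cookie has to come back.
    $_SESSION['probe'] = session_id();
    session_write_close();
    header('Location: ' . strtok($_SERVER['REQUEST_URI'], '?') . '?probe=1');
    exit;
}

if (session_cookie_accepted()) {
    echo 'Session cookie accepted; $_SESSION will persist inside this frame.';
} else {
    // Strip non-printable bytes so a crafted User-Agent cannot forge log lines.
    $ua = preg_replace('/[^\x20-\x7E]/', '?', $_SERVER['HTTP_USER_AGENT'] ?? 'unknown');
    error_log('Session cookie refused in framed context, UA: ' . $ua);
    echo 'Session cookie refused; session data will not persist inside this frame.';
}
```

If the cookie was refused, the second request starts a fresh, empty session, so the marker is missing and the refusal is logged instead of failing silently.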

 

 

  • 5 years later...
  • 7 months later...

As a bit of extra info on the topic, for others:

 

@brianko: That's quite obvious. If the session ID can't be read from the cookie (implying cookie usage), the session can't be continued thus you can't access the session data.

 

The safest thing to do is to have this header sent along whenever, even if you're not in a frame or iframe.

 

The only thing I find strange is that ONLY Microsoft has this weird safety built into their browser and, I assume, no other browser vendors have this.

 

Cheers!

Archived

This topic is now archived and is closed to further replies.
