topcoder1 Posted August 31, 2007 Share Posted August 31, 2007 I have a php app running inside an iframe. I pass a piece of info to this iframe through http parameters, php gets it and then set it in the session. However, the session data is lost when I read it from another php page within the same php application. index.php which resides in an iframe session_start(); $_SESSION['mydata']=$_POST['mydata']; // ok another.page that I later invoke error_log(print_r($_SESSION,1)); //nothing! this weirdness only happens on IE. and if I refresh the iframe again, the session data will be available. any idea? thanks Quote Link to comment Share on other sites More sharing options...
pocobueno1388 Posted August 31, 2007 Share Posted August 31, 2007 On the other page are you calling session_start? Quote Link to comment Share on other sites More sharing options...
topcoder1 Posted August 31, 2007 Author Share Posted August 31, 2007 On the other page are you calling session_start? yes I am. Here's the complete code: index.php session_start(); $_SESSION['mydata']=$_POST['mydata']; // ok session_write_close(); //ensures that I dont lock the session for too long another php page I invoke later session_start(); error_log(print_r($_SESSION,1)); //nothing in the session array! also the html file that has the iframe is hosted by a different domain than the phps. They are both hosted on the same machine however. The problem only occurs on IE. Quote Link to comment Share on other sites More sharing options...
topcoder1 Posted August 31, 2007 Author Share Posted August 31, 2007 solution according to hbertini at sapo dot pt 13-Mar-2005 03:29 workaround when using session variables in a .php file referred by a frame (.html, or other file type) at a different server than the one serving the .php: Under these conditions IE6 or later silently refuses the session cookie that is attempted to create (either implicitly or explicitly by invoquing session_start()). As a consequence, your session variable will return an empty value. According to MS kb, the workaround is to add a header that says your remote .php page will not abuse from the fact that permission has been granted. Place this header on the .php file that will create/update the session variables you want: <?php header('P3P: CP="CAO PSA OUR"'); ?> Regards, Hugo http://us.php.net/function.session-start Quote Link to comment Share on other sites More sharing options...
brianko Posted November 1, 2012 Share Posted November 1, 2012 (edited) I know you guys are much older now. Still, I want to appreciate your answer. By the way, I found that I need <?php header('P3P: CP="CAO PSA OUR"'); ?> to read the session data, as well. Brian Edited November 1, 2012 by brianko Quote Link to comment Share on other sites More sharing options...
raphioly Posted June 11, 2013 Share Posted June 11, 2013 As a bit of extra info on the topic, for others: @brianko: That's quite obvious. If the session ID can't be read from the cookie (implying cookie usage), the session can't be continued thus you can't access the session data. The safest thing to do is to have this header sent along whenever, even if you're not in an frame or iframe. Only thing I find strange is that ONLY microsoft has this weird safety built into their browser and, assuming, no other browser vendors have this. Cheers! Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.