tags:

views:

352

answers:

1
Q: 

Iframe 3rd party cookie issue in interner explorer

I am building an ASP.NET 3.5 application in which I have a page which loads another page in a different domain in an iframe. Below is the for Default.aspx page:

<asp:Content ID="Content1" ContentPlaceHolderID="mainContent" runat="server">
    <iframe src="isite.aspx" runat="server" width="100%" height="100%" scrolling="auto">

    </iframe>
</asp:Content>

Below is the iframe page isite.aspx:

    <html xmlns="http://www.w3.org/1999/xhtml"&gt;
    <head id="Head1" runat="server">
        <title>Untitled Page</title>
    </head>
    <body style="margin: 0; text-align: center;">
        <form id="Form1" name="frmSubmit" action="https://mysite.com/Login.asp"
        method="POST" runat="server">
        <span style="font-family: Arial">
            <asp:ImageButton ID="ImageButton1" runat="server" PostBackUrl="https://mysite.com/Login.asp" ImageUrl="/ajax-loader.gif" /> Please wait...
    <br />
        </span>
        <input type="hidden" name="txtUserName" size="30" maxlength="50" value="admin"
            onkeypress="Javascript:CheckKeyPress('ID')"/>
        <input type="hidden" name="pwdPassword" size="30" maxlength="25" value="password"
            onkeypress="Javascript:CheckKeyPress('P')"/>
        </form>
    </body>
    </html>

Below is the isite.aspx.cs page:

    protected void Page_Load(object sender, EventArgs e)
    {
        Page.ClientScript.RegisterStartupScript(Page.GetType(), "click", "<script language=javascript>document.getElementById('" + ImageButton1.ClientID + "').click();</script>");
    }

This works fine in Firefox,Safari and Chrome but it dosent work in IE 7 or 8. In IE it gives me a HTTP 500 error page. After doing some research on it I figured that its a cookie issue in IE and tried the below soutions:

  1. Added the following code to the Global.asax:

    protected void Application_BeginRequest(object sender, EventArgs e)
    {
    HttpContext.Current.Response.AddHeader("p3p", "CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"");
    }

  2. Added the following line of code to the Page_Init and Page_Load events

    HttpContext.Current.Response.AddHeader("p3p", "CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"");

None of these solutions worked for me. What am I missing?

+1  A: 

Adding P3P headers is a best practice if you want a subframe to be able to use cookies, but you should look at the server logs to figure out why a HTTP/500 is getting generated in the first place, since it's the server/framework that's raising the error.

You also might want to turn off friendly errors in IE (see Tools / Internet Options / Advanced)

EricLaw -MSFT-  2010-01-07 03:11:20
The reason behind the 500 error is that IE is trying to locate the session cookie which it is not able to find. The same code works in non-IE browsers,I checked the Response Header using the firebug tool and below is the responseCache-Control privateContent-Type text/html; charset=utf-8Server Microsoft-IIS/7.5p3p CP="CAO PSA OUR", CP="NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA"X-AspNet-Version 2.0.50727X-Powered-By ASP.NETDate Thu, 07 Jan 2010 07:18:46 GMTContent-Length 8601As you can see that the P3P information is there in the header,but it still dosent work in IE
Kumar  2010-01-07 07:24:17
I would greatly appreciate any help or suggestions
Kumar  2010-01-07 07:25:22
No, that's not correct. HTTP/500 is a SERVER error, not a client error. IE doesn't throw an error when it lacks a cookie.Watch your traffic in Fiddler2 and see what the response headers from the server are; post them here. Also, see what the text of the HTTP/500 message is.
EricLaw -MSFT-  2010-01-07 15:30:08

related questions

Is it better to create Model classes, or just stick with generic database utility class?
What are effective options for embedding video in an ASP.NET web site?
Visual Studio 2008 debugger already attached work-around
Tracking state using ASP.NET AJAX / ICallbackEventHandler
ASP.NET Display SVN Revision Number
ASP.NET URL Rewriting
How can I change the background of a masterpage from the code behind of a content page?
Easy way to AJAX WebControls
How do I define custom web.config sections with potential child elements and attributes for the properties?
ASP.NET MVC "CRUD" Database Sample
Are Multiple DataContext classes ever appropriate?
How to RedirectToAction in ASP.NET MVC without losing request data
Triple Quotes? How do I delimit a databound Javascript string parameter in ASP.NET?
ASP.NET built in user profile, Vs old stile user class/tables
What's a good book for learning ASP?
Bandwith throttling in IIS 6 by IP Address
ASP .Net Custom Client-Side Validation
How to get the value of built, encoded ViewState?
Decent, simple, GIS/mapping component for ASP.NET?
Checklist for IIS 6/ASP.NET Windows Authentication?
How to write to Web.Config in Medium Trust ?
ASP.NET, Visual Studio and Subversion - how to integrate?
Floating Point Number parsing: Is there a Catch All algorithm?
How do I sync the SVN revision number with my ASP.NET web site?
ASP.NET Site Maps