JSONP PHP Session does not remain constant

Question

Hello,

Using JSONP on a site say xyz.com, I am calling a site abc.com/test.php. However, everytime I call this site, I get a new session id in IE6 and IE7. In other browsers it remains constant.

The code of test.php is something like:

<?php
session_start();
echo session_id();
?>

However, after I visit http://abc.com/test.php in another window, and then refresh my page at xyz.com with JSONP code, it shows a constant ID. I have no clue why. Any suggestions?

This happens only in IE6 and IE7. Rest all work as expected. Somehow IE6 and IE7 dont seam to retain the session id (i.e. cookie name) until I actually visit the site in another window.

Answer 1

Based on some info on PHP.net, will adding this header work?

<?php header('P3P: CP="CAO PSA OUR"'); ?>

Quote:

"workaround when using session variables in a .php file referred by a frame (.html, or other file type) at a different server than the one serving the .php:

Under these conditions IE6 or later silently refuses the session cookie that is attempted to create (either implicitly or explicitly by invoquing session_start()).

As a consequence, your session variable will return an empty value.

According to MS kb, the workaround is to add a header that says your remote .php page will not abuse from the fact that permission has been granted.

Place this header on the .php file that will create/update the session variables you want:"

If this doesn't solve it, it might be something to do with the HTTReferer as IE doesn't send it on requests that initiate from JavaScript (e.g. doing this in IE will fail to send the HTTR Referer document.location.href = 'http://example.com/';