I'm running into some very odd beheaviour regarding frames and internet explorer.
The situation is like this:
- I have my web application on www.webapp.com
- I have a client that wants to have a login box to my www.webapp.com on his website: www.vendor.com
- The vendor his website is setup by his webdesigner at www.vendor.com. It consists of 2 frames:
- First frame spans 100% height and width and it's location is at www.webdedesigner.com/clients/vendor
- Second frame spans 0,0 and doesn't point to anything
The login box on the remote site points to my web application. And posts login+username etc. The reason the client's website is setup with the frames is so that the browser's URL location bar always is kept at www.vendor.com. (Ugh, don't even get me started).
The problem is when I login from www.vendor.com to my web app, and my web app is loaded in the frame all of my CSS and Javascript is not loaded.
This only occurs in IE7/8, I've tested it in Firefox, Chrome, Opera and Safari and each one of them does load my CSS and JS files at it should.
This is how my header looks like:
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="nl" xmlns:xf="http://www.w3.org/2002/xforms">
<head>
<title>My Webapp</title>
<meta http-equiv="Content-Type" content="text/html" />
<link rel="icon" href="/img/favicon.ico" />
<link rel="shortcut icon" href="/img/favicon.ico" />
<link rel="stylesheet" type="text/css" href="/css/css.php?css=public" />
<script type="text/javascript" src="/js/js.php?js=public"></script>
</head>
<body>
I'm suspecting IE doesn't handle the relatie URL's of the CSS/JS correctly...
There's an even more odd thing! If i clear my IE browsing cache and I first login to www.webapp.com via that domain, and than logout and login via www.vendor.com in IE, the CSS/JS does load! The fuck? My whole webapp resides on HTTPS so it shouldn't be caching any resources...
I'm flabergasted so I resort to posting here.. anyone know what's up?
Edit
Okay, after I installed a proper debugging tool for Internet Explorer (instead of the default one), I was able to inspect the HTTP headers beeing sent. So I compared IE and Firefox and these results showed up:
IE Request Login post to my webapp
(Request-Line):POST /?portal&returnurl=www.vendor.com HTTP/1.1
Accept:application/x-ms-application, image/jpeg, application/xaml+xml, image/gif, image/pjpeg, application/x-ms-xbap, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
Content-Type:application/x-www-form-urlencoded
Accept-Encoding:gzip, deflate
Host:www.webapp.nl
Content-Length:40
Connection:Keep-Alive
Cache-Control:no-cache
IE Response
(Status-Line):HTTP/1.1 200 OK
Date:Wed, 14 Jul 2010 10:35:34 GMT
Server:Apache
X-Powered-By:PHP/5.1.6
**Set-Cookie:PHPSESSID=uiluornfipr2dk294iro09tgg6; path=/**
Expires:Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control:no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma:no-cache
Set-Cookie:lang=0
Set-Cookie:lang=0
Connection:close
Transfer-Encoding:chunked
Content-Type:text/html; charset=UTF-8
IE CSS Request:
(Request-Line):GET /css/css.php?css=portal HTTP/1.1
Accept:*/*
Host:www.webapp.nl
Connection:Keep-Alive
IE CSS Response
(Status-Line):HTTP/1.1 200 OK
Date:Wed, 14 Jul 2010 10:35:35 GMT
Server:Apache
X-Powered-By:PHP/5.1.6
**Set-Cookie:PHPSESSID=pe2cio1vhu0shq2i497bjh5oa4; path=/**
Expires:Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control:no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma:no-cache
Content-Length:0
Connection:close
Content-Type:text/html; charset=UTF-8
Firefox Request Login post to my webapp
Host www.webapp.nl
Accept text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language nl,en-us;q=0.7,en;q=0.3
Accept-Encoding gzip,deflate
Accept-Charset ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive 115
Connection keep-alive
FF Response
Date Wed, 14 Jul 2010 10:38:57 GMT
Server Apache
X-Powered-By PHP/5.1.6
**Set-Cookie PHPSESSID=re10rmqq7u723ht3719o9q5el3; path=/ lang=0 lang=0**
Expires Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma no-cache
Connection close
Transfer-Encoding chunked
Content-Type text/html; charset=UTF-8
FF CSS Request
Host www.webapp.nl
Accept text/css,*/*;q=0.1
Accept-Language nl,en-us;q=0.7,en;q=0.3
Accept-Encoding gzip,deflate
Accept-Charset ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive 115
Connection keep-alive
**Cookie PHPSESSID=re10rmqq7u723ht3719o9q5el3; lang=0**
FF CSS Response
Date Wed, 14 Jul 2010 10:38:57 GMT
Server Apache
X-Powered-By PHP/5.1.6
Expires Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma no-cache
Connection close
Transfer-Encoding chunked
Content-Type text/css; charset=utf-8
(Removed some for brevity)
The difference is obvious. IE doesn't sent the cookie along with the CSS request, even though it did receive a set-cookie from the login response. Firefox does sent the cookie along with the CSS request. And my webapp doesn't return CSS/Script unless a valid cookie was set.
Soo, any frame/cookie guru knows why IE doesn't send along the cookies it received in the first response in further resource requests for a page it's loading?
Blockquote