ansaurus

Question

3rd party app in an iFrame must keep header/top frame session alive

Answer 1

A:

I normally code with the assumption that, if I'm having to fight the framework and write in kludgy hacks, then I'm probably doing something wrong. Triggering post-back events on your parent page is exactly the sort of kludgy hack you should avoid.

I recommend tracking a users through cookies than sessions. If a user navigates to your page without a valid session, look for the cookie, and re-initiate the session if needed. Be sure you don't store sensitive, plaintext data in your cookie, because you don't want your site to be vulnerable to session hijacking.

Simple strategy like this eliminates the need to repeated ping your page.

Juliet 2010-08-30 17:18:38

I understand it should be avoided but is it possible?Won't cookies have the same problem? As in the cookie has to expire sometime say 15 minutes. So after 15 minutes of no activity the top page is in timeout state but the user has been active in the 3rd party iFrame all that time.

Tigran 2010-08-30 18:22:12

It depends how you code things, you're going to run into the same problem that you mentioned in my comments above. Things get tricky when you're looking to keep the Main page's Session from expiring based on activity within the 3rd party Iframe. Outside of that, if you use a cookie with a long expiration, then you can reload the session based on that cookie (instead of polling to keep the Session from exipring). This is a cleaner solution than the "pinging hack" I posted, but it won't get you any of the additional functionality you're looking for.

o6tech 2010-08-30 18:56:24

Answer 2

+1 A:

You could add another, hidden IFrame on the main page that is set to refresh every 10 minutes (or whatever sits within the session timeout). This would cause the session on the main page to stay alive without the user experiencing any page refreshes.

EDIT to add requested example

        var frameHTML='';
    function CheckFrame() {
        //get frame BODY
        var frameBody=$("#FFRAMEID1" + _frameNumber).contents().find("body").html();

        //Compare
        if(frameBody==frameHTML) {
            //Content has not changed.  Do not refresh main session.
        }
        else {
            //Content has changed.  Refresh main session.
        }

        //Set most recent check string
        frameHTML=frameBody;

        //Set OTHER hidden frame source to refresh main page (could be replaced by just an AJAX call)
        $('#FRAMEID2').attr("src", 'FRAMESRC');
    }

o6tech 2010-08-30 17:21:12

Juliet does make a good point -- this method or server pinging solutions are quick and dirty. Sometimes quick and dirty is what you're looking for though. :)

o6tech 2010-08-30 17:31:49

Isn't that essentially extending my top page session timeout? In your case wouldn't the top page never timeout, as long as I have the hidden iFrame? In other words it won't matter if there's activity in the 3rd party iFrame. What if there is a hidden iFrame inside the 3rd party iFrame in which case the hidden iFrame would refresh every time the 3rd party app iFrame refreshes? Is that possible? Can I add an iFrame inside 3rd party iFrame without having access to 3rd party app code?

Tigran 2010-08-30 18:05:52

Hmm, I thought all you were looking to do was prevent your Main page from having a Session Timeout. From the Main page, you can detect when the 3rd Party IFrame gets focus, but not what clicks (etc) happen within that frame. Can you tell me what's sitting withn the IFrame? Is it Flash, an AJAX, standard old website? If the content of the IFrame page changes, you could look at the content of the frame and check for changes prior to having the Main page communicate to the server to keep the session alive.

o6tech 2010-08-30 18:52:04

iFrame has standard html it might have some AJAX not sure but no Flash.I want to keep the session of the 3rd party iFrame and my header in sync. If there's activity in the iFrame I would like portal site (header) session to get extended.I was coming to the same conclusion. So would you say the only way to do this is to look at the content of the iFrame and if it changes extend the portal (header) session timeout? If that is the case do you know how I can look at the iFrame content?

Tigran 2010-08-30 21:04:06

I've added a quick example (uses JQuery) that will check the content of the frame's BODY tag and save it on the main page. Simply run this in a timer and it should get the job done. I'm not sure of the nature of the 3rd party iframe, but you may be able to get away with just comparing the SRC if it changes often or comparing the length of HTML.

o6tech 2010-08-31 14:17:36

ansaurus

tags:

views:

answers:

3rd party app in an iFrame must keep header/top frame session alive

related questions