Loss of asp.net session in popup. Only in IE and only for some users

Question

Loss of asp.net session in popup. Only in IE and only for some users

I have an asp.net webpage with a built-in iframe. From inside this iframe, I call window.open to open a popup. The pop-up URL is absolute, but within the same domain.

About 1% of users using Internet Explorer (multiple versions) lose an asp.net (null) session object in a popup window.

I tried to collect customization information to identify the template from a user group, but with no result. The theory was that they were all Citrix customers, but that was not so.

Has anyone experienced something similar and solved it?

0

javascript asp.net session iframe

lox May 11 '12 at 12:02

source share

3 answers

sisve · Answer 1 · 2012-05-11T12:10:49+0000

I assume that your site does not have a valid P3P header that determines how you track users, so IE will not redirect the [session] cookie with http requests.

You can verify this by adding an example P3P header to web.config. You will need to find out what the different tokens mean, and if this sample header matches your use case or if you need to create your own.

<system.webServer> <httpProtocol> <customHeaders> <add name="P3P" value="CP=&quot;NON COR CUR OUR BUS NAV&quot;" /> </customHeaders> </httpProtocol> </system.webServer>

Bart de kort · Answer 2 · 2012-06-01T14:36:24+0000

For us, ASP.NET: browser pop-ups and session cookies had a corresponding response. In our case, the Jetty web server is used, so be careful what you filter.

Launching a browser from a “regular” desktop shortcut with a link to a website. With IE8. (I did not find the link to MSDN, but I think it is only Windows XP.) Note. Citrix users are often forced to use desktop links. Thus, this can solve the Citrix problem.

There are more similar questions here. You checked all the posts here on stackoverflow, including:

IE8 plays cookies in pop-ups (which was also suggested as an answer to a similar problem regarding IE7: ASP.NET 2.0 Session variables lost in pop-up in IE 7 when deployed to a server )
IE8 loses cookies when opening a new window after redirecting (also mentioned in the first question) is a problem when a popup is opened from a modal popup or converted. IE 8 beta release, so it probably doesn't matter.
IE8 will lose session information (an error in the java library may also not be relevant)

If I had to summarize:

There are many problems that asp.net seems to contain. Try viewing them.
You say that certain versions of Internet Explorer are not affected. This means that you can look for various problems for different versions of IE.
a) I think stackoverflow should have more answers.

Berggreendk · Answer 3 · 2013-01-14T18:58:05+0000

Follow the recommendations here: http://www.w3.org/P3P/details.html

You must create your own P3P policy.

As an example, if you add this to your Global.asax, it works in IE8:

 protected void Application_BeginRequest(object sender, EventArgs e) { HttpContext.Current.Response.AddHeader("p3p", "CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\""); }

BUT!!! don't just copy the example above, as the policy should reflect your actual privacy policy on your website. Otherwise, this may have consequences later when the browsers confirm your content / behavior compared to what you specified.

Nobody wants to get blacklisted from certain browser providers, right?

Loss of asp.net session in popup. Only in IE and only for some users

More articles: