PHP session is not working in IFrames in IE browsers
Recently I faced an issue with sessions in iframes in IE browsers. The issue is that the session is not shared between pages inside the iframe, particularly if you are accessing it from a different domain. The script runs smoothly without the iframe, but when I use the iframe in IE and Safari it doesn’t work properly. This is because of cross-site scripting (XSS).
IE is very particular when it comes to “cross-site/cross-directory” linking in iframes and sessions. If the iframe contains or calls a script from a different directory, then IE does not always pass the session header information. If the contents are called from another domain, then it will not work at all.
I have eliminated the issue with a workaround, which is as follows.
- If you look at the iframe SRC in IE, you can see that the URL does not change when you move to another page. It remains as it is, and you will not be able to pass any new parameter. I took advantage of this: I created a token and appended it to the initial SRC, as follows.
<iframe src="http://www.example.com/?token=<?php echo md5(uniqid()); ?>"></iframe>
- I created a table for storing sessions, and at the top of each page I check whether the token exists in the database. If it does not exist, I insert it as a new entry in the table. Here the token is the primary key, and the session is stored as a serialized object using PHP’s serialization function.
- On each page I get the same token from the iframe src and check whether it exists in the DB. If it exists, I fetch the serialized session, unserialize it, and assign it back to the session.
I don’t know whether any better solution than this exists.
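
The token-keyed session table from the steps above, as an added example that is not the author's code: the table name `iframe_session`, the function names and the 30-minute lifetime are assumptions. It differs from the description in three ways: the token comes from `random_bytes()` rather than `md5(uniqid())`, which is derived from the clock; the row is inserted when the parent page issues the token, so unknown tokens are rejected instead of creating a session; and the data is stored as JSON rather than passed through `unserialize()`.

```php
<?php
declare(strict_types=1);

const TOKEN_TTL = 1800; // assumed lifetime in seconds

// In-memory SQLite keeps the example self-contained; point the DSN at a real database.
function open_store(string $dsn = 'sqlite::memory:'): PDO {
    $db = new PDO($dsn, null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
    $db->exec('CREATE TABLE IF NOT EXISTS iframe_session (
        token TEXT PRIMARY KEY, data TEXT NOT NULL, expires INTEGER NOT NULL)');
    return $db;
}

// Called by the parent page when it renders the <iframe src="...?token=...">.
function issue_token(PDO $db): string {
    $token = bin2hex(random_bytes(16)); // 128 bits from the CSPRNG
    save_session($db, $token, []);
    return $token;
}

function save_session(PDO $db, string $token, array $data): void {
    $q = $db->prepare('REPLACE INTO iframe_session (token, data, expires) VALUES (?, ?, ?)');
    $q->execute([$token, json_encode($data, JSON_THROW_ON_ERROR), time() + TOKEN_TTL]);
}

// Called at the top of every framed page. Returns null for a malformed,
// unknown or expired token, so a caller-chosen token never creates a session.
function load_session(PDO $db, string $token): ?array {
    if (!preg_match('/\A[0-9a-f]{32}\z/', $token)) {
        return null;
    }
    $q = $db->prepare('SELECT data FROM iframe_session WHERE token = ? AND expires >= ?');
    $q->execute([$token, time()]);
    $data = $q->fetchColumn();
    return $data === false ? null : json_decode($data, true, 512, JSON_THROW_ON_ERROR);
}

// Constructed walk-through: issue a token, store a value, read it back.
$db = open_store();
$token = issue_token($db);
$session = load_session($db, $token);
$session['user_id'] = 42; // constructed sample value
save_session($db, $token, $session);
var_dump(load_session($db, $token));              // data stored under the issued token
var_dump(load_session($db, str_repeat('0', 32))); // well-formed but never issued
```

Because the token travels in the iframe URL it acts as a session identifier there, so it will appear in server logs and browser history; serve the framed pages over HTTPS and keep the lifetime short.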