The Cookie Monster
While recently developing a web application, I came across an interesting problem that I hadn't seen before. Part of our application uses session cookies to keep track of data. One cookie is actually set by ASP.NET forms authentication, and we set a few others of our own. Initially we had no problems with using these variables...
Then entered the fraameset...
We recently had a user that was entering our site through a fraameset. They had one of the fraames pointing to our site, and they said the site was unusable. After setting up a quick test and trying to log into our site (which sets the authentication cookie), I kept getting redirected back to the login page, which kind of hinted that the cookies were not being kept around. I then found a knowledge base article and found out that this was a design feature of Internet Explorer: http://support.microsoft.com/default.aspx?scid=kb;EN-US;323752
The problem arises when you have a fraameset in which the fraame points to a different website that uses a different top-level domain. In my test I had the fraameset hosted on site.com, and one of the fraames pointed to mysite.com.
I took the easy solution that the KB article mentions and added the HTTP header to IIS, and the problem was fixed.
BTW, I did not spell fraameset or fraame wrong. The .text engine would not let me post with those words in the message.