Skip to main content
WolfShade
WolfShade
Legend
September 10, 2015
Question

#SESSION# variables and iFrame

  • September 10, 2015
  • 3 replies
  • 5890 views

Hello, all,

I've got a page that contains an iFrame.  When loading the parent via HTTP, the page loading in the iframe via HTTP can see session variables with no problem.

However, when I load that same parent page HTTPS _and_ the iFrame via HTTPS, the iFrame src page does NOT see session variables set in the parent page.

Both are loading HTTPS, both same domain, same port.

Parent: https://www.domain.com/dbw/tt/index.cfm

iFrame: https://www.domain.com/dbw/tt/contactus.cfm

I'll check CFID and CFTOKEN on both, but I suspect they are the same.  UPDATE:  I can confirm that in my DEV environment, CFID and CFTOKEN are the same for both parent page and iFrame page.

What could be causing this?

V/r,

^_^

    This topic has been closed for replies.

    3 replies

    WolfShade
    WolfShadeAuthor
    Legend
    September 22, 2015

    Is there a chance that there might be a JkEnvVar in mod_jk.conf that should be set?  Just checking.  Our former SA thought of it.

    V/r,

    ^_^

    T
    tribule
    Legend
    September 16, 2015

    We had this issue a few months back with an older <frame> based application. The only thing that solved it was setting setdomaincookies to "true" in application.cfc/cfm and then clearing all browser cookies and trying to load the application again. FireFox would be fine, but IE and Chrome refused to work.

    WolfShade
    WolfShadeAuthor
    Legend
    September 16, 2015

    tribule wrote:

    FireFox would be fine, but IE and Chrome refused to work.

    That won't fly, here.. IE is the internal browser default.  (  Did you ever get it fixed for all browsers?

    ^_^

    T
    tribule
    Legend
    September 16, 2015

    Yes, enabling setdomaincookies was the solution in our case. Have you tried adding it? We were on an old legacy app, with application.cfm so our cfapplication tag looked like this:

    <cfapplication name="testApp"

                   clientmanagement="true"

                   sessionmanagement="true"

                   sessiontimeout="#CreateTimeSpan(0,0,60,0)#"

                   setclientcookies="true"

                   setdomaincookies="true">

    H
    haxtbh
    Inspiring
    September 10, 2015

    Are you using J2EE Sessions? Are you sure there is not elements on the page causing it not to load HTTPS fully? i.e. links to scripts / resources with http:// prefixes. Does this happen on all pages or just the ones you specified?

    WolfShade
    WolfShadeAuthor
    Legend
    September 10, 2015

    Currently, the only page where I am loading an iFrame is this one page.  All script/css links are "/script/blah.js" or "/style/page.css", so the protocol should be the same.

    DEV environment is NOT using J2EE sessions.  I do not have access to CFAdmin in production/staging, but I'll ask.

    V/r,

    ^_^

    Terms & ConditionsAccessibility statement
    Using the community Terms of use Privacy Cookie preferences Do not sell or share my personal information ad choicesAdChoices