04-24-2006, 09:05 PM
A third party website, non-ssl, is trying to create a page that frames my website, https://www.duat.com, but the session cookie that I generate when the user logs in is getting lost. This appears to be an IE-specific problem, Firefox doesn't have a problem with the cookie. Is there something IE-specific about a non-SSL site hosting a frames page that includes an SSL site? Additional info: if "https://www.duat.com" is added to IEs trusted sites list the problem goes away. Also, the problem goes away if the secured site hosts the frames page, instead of the non-secure site hosts it.
04-24-2006, 09:32 PM
04-24-2006, 09:49 PM
We actually had code in our HTTPS site to keep 3rd parties from framing our site, but we removed it because we WANT this 3rd party to frame us. The problem is that when they do frame us the session cookie we generate doesn't work, or something about the browser is not using the cookie as it should.
04-24-2006, 09:56 PM
I see. Bummer. Give this a shot: http://support.microsoft.com/default.aspx?scid=kb;en-us;323752