Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 4 of 4
  1. #1
    New to the CF scene
    Join Date
    Apr 2006
    Posts
    4
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Internet Explorer Cookie problem when framing a secure page on an insecure page

    A third party website, non-ssl, is trying to create a page that frames my website, https://www.duat.com, but the session cookie that I generate when the user logs in is getting lost. This appears to be an IE-specific problem, Firefox doesn't have a problem with the cookie. Is there something IE-specific about a non-SSL site hosting a frames page that includes an SSL site? Additional info: if "https://www.duat.com" is added to IEs trusted sites list the problem goes away. Also, the problem goes away if the secured site hosts the frames page, instead of the non-secure site hosts it.

  • #2
    Regular Coder
    Join Date
    Mar 2006
    Location
    Connecticut, USA
    Posts
    400
    Thanks
    1
    Thanked 0 Times in 0 Posts
    Is it an option for you to use a frame buster? In other words, use javascript to break out of any frames that an external site wraps around your site? The code is out there and widely available, if that is useful to you.

  • #3
    New to the CF scene
    Join Date
    Apr 2006
    Posts
    4
    Thanks
    0
    Thanked 0 Times in 0 Posts
    We actually had code in our HTTPS site to keep 3rd parties from framing our site, but we removed it because we WANT this 3rd party to frame us. The problem is that when they do frame us the session cookie we generate doesn't work, or something about the browser is not using the cookie as it should.

  • #4
    Regular Coder
    Join Date
    Mar 2006
    Location
    Connecticut, USA
    Posts
    400
    Thanks
    1
    Thanked 0 Times in 0 Posts


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •