Answer:
It turns out that IE does not allow pages loaded in an iFrame to place cookies, which prevents me from storing a SESSION cookie to identify the users. The only way to prevent this is by implementing a P3P policy as explained by user Piskvor: Cookie blocked/not saved in IFRAME in Internet Explorer
Question:
I have a problem and have no idea why it's happening.
I have a page on domain1.net with a bit of javascript that scrapes a value from that page and then adds an iframe to that page with an src of a different domain like http://www.domain2.net/login.php?id=123
. The login.php takes the id from the url, starts a PHP session and logs the user in by setting a $_SESSION['id']
(please don't comment on how unsafe it is, it's a bit more complicated than that). If there is no id set in the url it returns a page telling the user to log in.
This all works fine on Chrome and Firefox but IE only show the "Please log in" page. If I then open the login.php?id=123
page in a different tab it will log in, and if I then refresh the page on domain1.net it will show the user is logged in in the iframe.
Could someone shed some light on this? It seems like IE ignores the GET value in the url of the iframe.
For reference, this is my code on domain1.net:
<script type="text/javascript">
$(document).ready(function() {
$.get('http://www.domain1.net/base/header', function (response, status, xhr) {
var iframeid = response.match(/Profile\/Detail\/(.*?)"/);
if (iframeid) {
theid = iframeid[1];
document.getElementById("addiframe").innerHTML = "<iframe src=\"http://www.domain2.net/login.php?n=" + theid + "\" width=\"100%\" height=\"3000\" frameborder=\"0\" id=\"braintrainer\"></iframe>";
} else {
document.getElementById("addiframe").innerHTML = "<iframe src=\"http://www.domain2.net/login.php?logout\" width=\"100%\" height=\"3000\" frameborder=\"0\" id=\"braintrainer\"></iframe>";
}
});
});
</script>
<div id="addiframe"></div>