I am trying to pop up an iframe from a bookmark whose contents are from my test app. The test app doesn't do much but let me log in and set some session vars. First I developed this using Perl's Catalyst framework, and it worked great. I could log in to the test app in some window, or the iframe, and it would keep the session just fine on 3rd party sites.
Now I needed to do something similar in PHP using the CakePHP framework. For some reason, in every browser the session disappears when the iframe is opened on a 3rd party site. It opens just fine with the logged in session if it is launched on the development site (the same site that the iframe src is on). The CakePHP app is running on a standard Ubuntu Apache 2 install.
I found some docs talking about P3P headers in IE causing these sort of issues, but a) it's in all browsers, and b) I watched with Fiddler and saw the P3P header being sent.
I haven't watched the traffic from the Catalyst app to see what was different. I guess that's my next step, but frankly I've put enough time into this already. Thought I'd ask around and see what I could find out.
Thanks, Nick
