sessions in an iframe
Hello, I am using a session object to store a query string. The query string is used for a reload of the same query with two parameters changing their value when the user reorders a table column. This works fine under Zope 2.9.3 in Mozilla. The page on which this query string is stored en taken up again is in an iframe. The iframe html resides on a Zope server, the parents website's computer is a different one, but in the same domain. Now under Firefox the session object still can be referenced, but in Internet Explorer the page in the iframe does not reference the session object properly. It once records it and then adds the changing parameters to it,doubling them and making the SQL query run into an error. The url is: http://www.volkstellingen.nl/nl/gemeenten/ where after a search you can reorder table columns by clicking on the headers. The problem does not occur in IE when the page is used on its own, only when it is used in an iframe. The question then is: can it be that IE restricts the session behaviour in this situation? How can I solve it? Here is the code in a PythonScript, that is called in the search results html page. directionDict = {'gemeente':'gm_direction','provincie':'prov_direction', 'begindatum':'bd_direction','einddatum':'ed_direction','amsterdamse_code':'ac_direction'} if request.SESSION.has_key('firstquery'): if request.has_key('sort'): #user sorts column without a new query if request.richting == 'ASC': value = directionDict[request.sort] request.set(value, 'DESC') #put all other columns on ASC for k,v in directionDict.items(): if k != request.sort: request.set(v, 'ASC') else: value = directionDict[request.sort] #put all columns on ASC for v in directionDict.itervalues(): request.set(v, 'ASC') else: #user does a new query, session object exists del request.SESSION['firstquery'] query = request.QUERY_STRING first = request.SESSION['firstquery']=query for v in directionDict.itervalues(): request.set(v, 'ASC') else: #first query query = request.QUERY_STRING first = request.SESSION['firstquery']=query for v in directionDict.itervalues(): request.set(v, 'ASC') -- Henk Laloli
henk laloli wrote at 2006-6-12 09:46 +0200:
... The problem does not occur in IE when the page is used on its own, only when it is used in an iframe. The question then is: can it be that IE restricts the session behaviour in this situation? How can I solve it?
IE has nothing to do with the session behaviour directly. Session handling is a server side thing and IE is doing client side staff. However, IE needs to pass on the session id. Usually, the session id is managed in a cookie. It might be that IE does not pass the cookie into the "iframe". Please read the "cookie spec" (on the Netscape site) to check whether IE should pass the cookie (this can be controlled by the "path" and "domain" parameters when the cookie is created). If it should, check the IE bug reports for potential cookie problems related to "iframe"s. -- Dieter
Dieter Maurer wrote:
henk laloli wrote at 2006-6-12 09:46 +0200:
... The problem does not occur in IE when the page is used on its own, only when it is used in an iframe. The question then is: can it be that IE restricts the session behaviour in this situation? How can I solve it?
IE has nothing to do with the session behaviour directly.
Session handling is a server side thing and IE is doing client side staff.
However, IE needs to pass on the session id. Usually, the session id is managed in a cookie. It might be that IE does not pass the cookie into the "iframe".
Please read the "cookie spec" (on the Netscape site) to check whether IE should pass the cookie (this can be controlled by the "path" and "domain" parameters when the cookie is created).
If it should, check the IE bug reports for potential cookie problems related to "iframe"s.
Thanks, Dieter, your comments make me realize the problem clearer. The iframe's domain name does not conform to that of the parent window. So, it will not pass that test. As far as IE is concerned it is a third party cookie and many IE browsers clients will block it. There is no elegant solution to this. Asking the user to change the privacy settings would be an option. Storing the query string in the parent window would be another solution. -- Henk Laloli
henk laloli wrote at 2006-6-13 12:13 +0200:
... Thanks, Dieter, your comments make me realize the problem clearer. The iframe's domain name does not conform to that of the parent window. So, it will not pass that test. As far as IE is concerned it is a third party cookie and many IE browsers clients will block it. There is no elegant solution to this. Asking the user to change the privacy settings would be an option. Storing the query string in the parent window would be another solution.
You can pass the session id as URL parameter into your "iframe". -- Dieter
participants (2)
-
Dieter Maurer -
henk laloli