Session Variables not saved when page is in an iFrame

I have an aspx page with a listbox control. The listbox is populated from a collection that is retrieved from a service when the page loads. When the user selects an item from the listbox the page p开发者_C百科osts back, adding the retrieved objects to the session before reloading. On the reload I use the session objects instead of having to call the service again.

This all works fine until I access the page from within an iFrame. The Session objects are not retrieved when the page is in an iFrame (Session["blah"] is null). This code works perfectly when the page is not in an iFrame.

I am using IIS7 and windows server 2008. Is there anything I need to do in ISS to allow Session variables to be used in an iFrame? Does anyone know of anything else that may cause this to happen?

Thanks, Neil

---

IE gives lower level of trust to 3rd party content loaded in an iframe. This blocks session cookies.

You can solve this by setting a P3P header in IIS:

Name = p3p
Value = CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"

See Also

• Cookie blocked/not saved in IFRAME in Internet Explorer
• Compact P3P settings with IIS7

---

In my case, the project was .net framework 4.6.1. I've upgraded to 4.7.2 version and added the key below to the web.config

<system.web>
    <sessionState cookieSameSite="None"/>

This way third party Iframe sessions starts working.

Before you do this change, it's better to read this https://learn.microsoft.com/en-us/aspnet/samesite/system-web-samesite

---

Actually never mind, I just cleared out the files in C:\Windows\Microsoft.NET\Framework64\v2.0.50727\Temporary ASP.NET Files and restarted IIS and it was all working

---

As of 2021, Chrome (and maybe others) requires that the cookie is secured.

This can be achieved this way :

<system.web>
  <httpCookies httpOnlyCookies="true" requireSSL="true" sameSite="None" />
</system.web>

---

To enable sessions in iFrames: InterNet Options -> Privacy -> Advanced -> Check "Always Allows Session Cookies"