Problem description
Recently, due to interest, a small application of the developer's Web, the application page is embedded on the webpage through IFRAME. After opening the application, you need to authorize the application, renren requests the returned authorization data to my backend using the get method.CodeIn the background code analysis, several important parameters are stored in the session. However, in IE, it is normal to use Chrome instead of setting the session. I used fiddler for debugging for a long time and discussed several methods with my brother. But at first I thought it was caused by the '-' symbol in the URL. I used various encodes, also try. change redirect to server. transfer, but none of them are valid. This problem has plagued me for several days.
Through a large number of searches on the Internet, I found that the IFRAME of IE has some special features. By default, if IE finds that the IFRAME domain is different from the parent page domain, the IFRAME page is prohibited from writing cookies (the session stores a sessionid through the cookie by default ). if you set ie> privacy to a minimum, that is, to accept any cookie, the operation is normal.
Solution
Add a line in HTTP Response Headers of IIS named p3p and set the value to CP = "idc dsp cor Cura ADMA our ind PHY onl com sta"
Reference
1. http://stackoverflow.com/questions/6368750/session-variables-not-saved-when-page-is-in-an-iframe
2. http://aspnetresources.com/blog/frames_webforms_and_rejected_cookies
3. http://support.microsoft.com/kb/283185/zh-cn