Iframe apps destroy session state

Jul 21, 2008 at 11:03 PM
My app is an Iframe app, and I'm using server-side session variables to store information about the user's current state.  However, what I'm finding is that, when I do a redirect from one page to another, the session variables disappear.  So, in other words, I start out on Page A, where I add a variable to the Session[] collection.  Page A will redirect to Page B, and Page B will check the Session[] collection for the variable.  On Page B, I find nothing in the Session[] collection.  I should mention that I've tried both server-side and Javascript redirects.

What's strange is that this behavior seems oddly browser-dependent.  I can reproduce the bug reliably on IE/PC.  The bug never occurs on Firefox/PC.  The bug reproduces consistently on Firefox/OSX.  The bug reproduces inconsistently on Safari/OSX, and this is where it gets a little weird.  The other guys in the office who have been helping me test have had no problems on Safari/OSX.  However, a few others who brought their laptops in to test using Safari/OSX get the bug.  So perhaps this has something to do with what version of Safari they're using.

I'm thinking that, for whatever reason, Facebook is interfering with .NET's session cookie.

I know that .NET doesn't have a problem with maintaining session state within an IFrame, because I've already tested this outside of Facebook.  I created a blank page that hosts an iframe, and the iframe loads a script that sets a session variable on Page A and then does a redirect to Page B.  When I get to Page B, I can access the session variable without any problems.  So I'm thinking that it has to be something Facebook-specific.

In any case, I figured that this might be something that others have run into before.  If you have any ideas, please feel free to share.

Thanks for your help.
Jul 21, 2008 at 11:24 PM
I use just straight cookies. I've had problems where IIS wasn't saving .NET sessions between pages before but that was on a different site and not related to Facebook.