Reputation: 53
ASP.NET MVC Session gets reset after using RedirectToAction within iframe
I have an ASP.NET MVC application (say, App_A) and another ASP.NET application (say, App_B). App_B has an iframe that loads App_A within it.
The code on App_B looks something like this:
iframe.Attributes["src"] = frameURL;
where frameURL is a variable containing a link to App_A.
When the iframe loads the URL and the index() method on App_A gets invoked, I'm setting a value in session Session["CartID"] = 373895 and I'm using RedirectToAction("Shipping"). But within the Shipping() action method, the session seems to be null. The code that sets the session variable and calls RedirectToAction() are within the iframe.
A similar issue that I encountered previously on Safari browser:
This has been working fine for the past 2 years without any issues. Previously, I was only having CORS issue on Safari browser. Since the websites on the parent window and the iframe were from different domains, I was not able to retain session values within iframe after redirection as it was getting reset. To fix this on Safari, I had to load the iframe site (App_A) on the parent window, set a cookie and then redirect back to the parent website and load App_A within iframe again. This allowed me to retain session values even after redirection. Now that I have a similar issue on Chrome, Firefox and Microsoft Edge, I tried the same fix that worked for Safari (as described above) but I'm still unable to retain session values on Chrome and other browsers.
Some debug information:
I tried debugging this and I added Session_Start() method to the Global.asax file and it gets hit twice, once before and once after calling RedirectToAction("Shipping"). The SessionID is also different before and after calling RedirectToAction("Shipping").
This issue occurs only when I run App_A from my local machine. When I try it in our production site, it works fine without any issues. Also, when I load App_A on the parent window, it retains session values without any issues. That is, on App_B I replaced storefrontiframe.Attributes["src"] = frameURL; with Response.Redirect(frameURL); and when App_A gets loaded on a new window, the session values are being retained without any issues.
I'm not sure why my session values are being cleared all of a sudden after calling RedirectToAction(). Any help would be greatly appreciated.
Upvotes: 5
Views: 5884
Answers (1)
Reputation: 136
I had a similar problem and was able to solve it by adding a "cookieSameSite" attribute with "None" as value to the sessionState node in the Web.config. Something like this:
<sessionState cookieSameSite="None" timeout="60" />
Upvotes: 10
Related Questions
- Session variable is lost on RedirectToAction in IE
- Session Variable is null after using RedirectToAction
- Session Variables not saved when page is in an iFrame
- Asp.Net MVC 4 App - Sending Request Within iframe Cleared SQL Server Session
- Session is reseting on RedirectToAction across controller
- Asp MVC session lost after RedirectToAction
- ASP.Net Session losing after iframe post
- Session ends randomly after redirect
- Session cleared after RedirectToAction in IE?
- MVC3 destroying session on redirecttoaction