How to allow sessions in framesets

As described in this MS article, embedding web sites in framesets disables the use of session variables due to a security issue.
The real question is why you would ever wish to embed a website in a frameset, or why you would use framesets at all. But let's leave this question aside. I know you have good reasons for doing so.

Fortunately it is easy to allow sessions, but you have to make the change on the embedded website, not the embedding website.

On the embedded website, simply include the following in your Global.asax file:

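protected void Application_BeginRequest(object sender, EventArgs e) {
  // Send a P3P compact policy with every response so Internet Explorer accepts the framed site's cookies
  HttpContext.Current.Response.AddHeader("p3p", "CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"");
}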

This header tells Internet Explorer that the website does not perform malicious actions with the data from the user. Internet Explorer detects this and allows the cookie from the embedded website to be written.
You can also implement a simpler policy. This should fulfill your needs for writing cookies for sessions:
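
To confirm the change took effect, check that every response from the embedded site that sets a cookie also carries a P3P compact policy. The Python check below is an added example, not code from the original post; the sample responses and the function names are constructed for illustration.

```python
import re

# Constructed sample responses from a hypothetical embedded site (not real traffic).
WITH_POLICY = (
    "HTTP/1.1 200 OK\r\n"
    "Set-Cookie: ASP.NET_SessionId=abc123; path=/; HttpOnly\r\n"
    'p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"\r\n'
    "\r\n"
)
WITHOUT_POLICY = (
    "HTTP/1.1 200 OK\r\n"
    "Set-Cookie: ASP.NET_SessionId=abc123; path=/; HttpOnly\r\n"
    "\r\n"
)

# The compact policy is carried as CP="TOKEN TOKEN ..." inside the P3P header value.
CP_RE = re.compile(r'CP\s*=\s*"([^"]*)"', re.IGNORECASE)


def parse_headers(raw):
    """Return (lowercased name, value) pairs from a raw HTTP response head."""
    head = raw.split("\r\n\r\n", 1)[0]
    pairs = []
    for line in head.split("\r\n")[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if sep:
            pairs.append((name.strip().lower(), value.strip()))
    return pairs


def check_framed_session(raw):
    """Report cookies set, compact-policy tokens sent, and whether a cookie lacks a policy."""
    headers = parse_headers(raw)
    cookies = [v.split("=", 1)[0] for n, v in headers if n == "set-cookie"]
    tokens = []
    for name, value in headers:
        if name == "p3p":  # header names are case-insensitive
            match = CP_RE.search(value)
            if match:
                tokens.extend(match.group(1).split())
    return {
        "cookies": cookies,
        "cp_tokens": tokens,
        # True means the session cookie would be blocked when the site is framed
        "cookie_without_policy": bool(cookies) and not tokens,
    }
```
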


About briancaos

Developer at Pentia A/S since 2003. Have developed Web Applications using Sitecore Since Sitecore 4.1.

One Response to How to allow sessions in framesets

  1. senthil says:


    I have 2 applications:
    * IframeApp
    * BookStore

    I access BookStore via an iframe in IframeApp. If the user comes from IframeApp then I add the P3P to the header and authenticate the user. I'm able to access all the pages in BookStore. The problem was I'm not able to log out from "BookStore" whenever I logged out from "IframeApp".

    Thanks & Regards

