John Davidson

PHP session cookie in iframe - how to get a session reliably?

Message:


It's about an ecommerce project that is a white-label solution and gets embedded into the clients' websites as an iframe. Classic approach as in: browser request -> php -> apache -> browser.


The session starts with SameSite: none as well as secure. These settings are fine for Firefox and Chrome(-ium based) browsers at the moment. Safari, on the other hand, dismisses the cookie as soon as "Prevent cross-site tracking" is activated - which unfortunately seems to be the default setting.


Right now the starting page is creating the session. After page load, I'll query a second script via AJAX to get the session name. If both strings are equal after the AJAX call, it's fine and the cookie has been placed.


There is no additional fuss, such as trackers or anything like that. Just the good ol' plain PHP session. I don't understand why this could cause any problems to anyone to justify declining the cookie.


Long story short: what other options are left? A shop without session isn't fun. PHPSESSID as a GET parameter isn't fun, either. Anything I'm missing here?



My Answer:
One option you could consider is using a different method for session management that doesn't rely on cookies. One possibility is using URL rewriting to append the session ID to the URL for each request. This way, the session ID is always passed along with the request, regardless of whether cookies are enabled or not.

Another option is to use HTML5 Web Storage (localStorage or sessionStorage) to store the session ID on the client side. This way, the session ID can be retrieved and sent along with each request without relying on cookies.

You could also consider implementing a custom solution using a combination of cookies, local storage, and server-side session management to ensure that the session is reliably maintained across different browsers and settings.

Ultimately, the best solution will depend on your specific requirements and constraints, so it may be worth experimenting with different approaches to see what works best for your particular situation.
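
The check described in the question and the Web Storage option from the answer can be combined in one endpoint. This is an added example, not code from the original post: the header name `X-Shop-Session` and the function `start_shop_session()` are hypothetical, and the iframe's JavaScript is assumed to keep the returned token in sessionStorage and send it in that header.

```php
<?php
declare(strict_types=1);

// Added example. Assumption: the iframe's JavaScript keeps the token in
// sessionStorage and sends it in this (hypothetical) request header.
const TOKEN_HEADER = 'HTTP_X_SHOP_SESSION';

ini_set('session.use_strict_mode', '1');  // IDs the server never issued are replaced
ini_set('session.use_only_cookies', '1'); // never read the ID from the URL
ini_set('session.use_trans_sid', '0');    // never write the ID into links
session_set_cookie_params([
    'path'     => '/',
    'secure'   => true,
    'httponly' => true,
    'samesite' => 'None', // needed for a cross-site iframe
]);

/** Starts the session and reports how the browser identified itself. */
function start_shop_session(array $server, array $cookies): array
{
    $cookieSent = isset($cookies[session_name()]);
    $token = (string) ($server[TOKEN_HEADER] ?? '');

    // Header fallback only when no cookie came back, and only for values
    // that have the shape of a PHP-generated session ID.
    $useToken = !$cookieSent && preg_match('/^[A-Za-z0-9,-]{22,256}$/', $token) === 1;
    if ($useToken) {
        session_id($token);
    }
    session_start();

    return [
        'cookie_ok' => $cookieSent,
        // False when strict mode replaced an unknown token with a fresh ID.
        'token_ok'  => $useToken && session_id() === $token,
        // Hand the ID to script only when the cookie path is unavailable.
        'token'     => $cookieSent ? null : session_id(),
    ];
}

header('Content-Type: application/json');
header('Cache-Control: no-store'); // the body may carry a session ID
echo json_encode(start_shop_session($_SERVER, $_COOKIE));
```

A token held in sessionStorage is readable by any script running in the shop's origin, so it does not get the protection `HttpOnly` gives the cookie. Keeping the ID out of URLs avoids leaking it through referrers, logs and shared links.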
