Web panel with session problem
We are setting up an webpanel with an external site. The site works fine in a separate window, in an iframe on some test page, but not in a SO Online-webpanel.
The site is displayed and functioning without problems apart from the sessions. The page is build with PHP and the sessions are standard PHP sessions.
Did we do something stupid, or is this a knwon problem/limitation ?
All Replies (5)
If you look into the browser developer console when loading the webpanel within SuperOffice, do you see any errors or warnings there about cookies being blocked? Since you are loading an external website inside SuperOffice, it could be that the cookies (that for example store the PHP session id) are seen as 'third party' and are blocked.
No such things, I checked that all blockers of all sorts are turned off.
Hi!
You website needs to be HTTPS, and if it has a session, will need to set SameSite to None.
Also, verify you do not have any implicit Content Security Policy set that would prevent the site from being shown in an iFrame.
Thanks Tony,
it is https and it shows and works nicely. It is just that the PHP-sessions are note read. The session cookies are created serverside, but it is not recognized. I'll look into the SameSite-thingy. We didn't set it deliberately, but it may be set as default.
I tried to paste the 10-line test program here, but it wasn't allowed.
It certainly looks like is it an issue with SameSite. PHP seems to ignore the session.cookie_samesite = "None" - directive, but that will probably be some good, well hidden reason for that. Thanks for putting us on the right track !