Advanced session management in iframe


Hey, I made a website where people can buy instrumentals. And I made a store widget which can be embeded on another websites. Cart mechanism works up on play session. But it works only with cookies, so in some browsers it is not allowed to set cookie inside iframe from different domain. My idea is to pass session with GET or POST parameter in each request, how can I achieve that?

(Rich Dougherty) #2

Are you asking how to receive parameters in GET and POST requests or are you asking how to render client-side content that GETs and POSTs the parameter?


I’m asking how to move session storage from Cookie to GET or POST parameter, or at least to custom Header as alternative without any changes in controller code, so interface will be the same. The only idea I have is to parse request param in action composition and set session variables

(Rich Dougherty) #4

You can use action composition like you said or a filter. If you use a GET parameter you may have to update your routing code and action methods to accept a parameter. If you use a POST parameter you can parse the body in your action composition or filter code. When you have the value you can set it into the session or maybe use a request attribute.