Session is gone after redirect

I have a weird problem with session.

I use a web link to open an ASP.NET web application in an IFrame (instead of opening a new window). There are two aspx pages, A and B. A is used to do authentication and create a user session once the user is authenticated. After that, A will use Response.Redirect(B) to redirect to page B.

The problem is that the session variable is lost when I do the redirect from A to B. As a result, the user is never authenticated on B. I know the ASP.NET application works because I tested it in a separate IE window and it is fine.

What seems to be the problem here? I think it has something to do with IFrame.

Hi iliveinhope,

This is a browser security issue.  The cookie for the user session in asp is not allowed when set in an IFrame from another domain.

The way to resolve this is to use a cookie-less session in ASP.NET.  I've attached a sample that does this.

Rename the file to .zip to unzip it.


Hi Dave

I have exactly the same issue. I was looking for the sample code you mentioned in your reply. Could you please let me know where I can get it?


Thanks for your help in advance.

If you can forward the sample to,  or ,  it will be of great help.





To enable cookieless sessions you will need to modify your web.config file to indicate that you want cookieless sessions.  Here is the section from the sample (.NET 1.1 only):
Once you have done this, the web app will not attempt to set a cookie on the user's browser, but will instead include a unique session id in the url.
The gotcha here, and this may be the issue with the original post, is that if you do a redirect or include href values in anchor tags or a form post, you MUST use a relative url.  In the sample, the login page has a url like:
It then wants to do a redirect after a successful login to the leadlist.aspx page.  The redirect needs to be
Response.Redirect("leadlist.aspx", false);
Or else .NET will lose the session values.
This is actually broken in the ASP.NET sample on ADN.  I'm attaching a fixed version here.  View the web.config page to see how to make the app use cookieless sessions and the Button1_Click handler in the login.aspx.cs file to see the redirect code.
NOTE: Save the attachment to your file system, then change the extension to .zip.
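
The relative-URL gotcha from the reply above, as an added example that is not part of the thread or its attached sample: it resolves link and redirect targets the way a browser does and reports which ones drop the session id from the URL. It assumes the cookieless session id travels as a parenthesised path segment; the host, application name and id are constructed.

```javascript
// Added illustration, not code from the thread's attachment.
// Assumption: the cookieless session id is a parenthesised path segment,
// e.g. /app/(id)/page.aspx, or /app/(S(id))/page.aspx in later versions.
const SESSION_SEGMENT = /\/\((?:S\()?([a-z0-9]+)\)+\//i;

// Return the session id embedded in an absolute URL's path, or null.
function sessionIdOf(url) {
  const m = new URL(url).pathname.match(SESSION_SEGMENT);
  return m ? m[1] : null;
}

// Resolve href against the current page and check the id survives.
function checkLink(currentPageUrl, href) {
  const resolved = new URL(href, currentPageUrl).href;
  const before = sessionIdOf(currentPageUrl);
  const after = sessionIdOf(resolved);
  return { href, resolved, keepsSession: before !== null && before === after };
}

// Audit href, form action and redirect values collected from one page.
function linksThatDropSession(currentPageUrl, hrefs) {
  return hrefs
    .map((h) => checkLink(currentPageUrl, h))
    .filter((r) => !r.keepsSession)
    .map((r) => r.href);
}

// Constructed sample: the login page as served with a cookieless session.
const page = "http://crm.example.test/app/(lit3py55t21z5v55vlm25s55)/login.aspx";
const hrefs = [
  "leadlist.aspx",                            // relative: id kept
  "./leadlist.aspx?view=all",                 // relative with query: id kept
  "../leadlist.aspx",                         // climbs out of the id segment
  "/app/leadlist.aspx",                       // root-relative: id dropped
  "http://crm.example.test/app/leadlist.aspx" // absolute: id dropped
];

for (const r of hrefs.map((h) => checkLink(page, h))) {
  console.log(r.keepsSession ? "keeps" : "DROPS", r.href, "->", r.resolved);
}
```
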