I’m experiencing a weird situation… I’ve taken it down to a very simple example script:
I have the following code on site https://SITEA/frametest.cfm:
<frameset rows="300,*">
<frame src="frameContent.cfm">
<frame src="https://SITEB/frameContent.cfm">
</frameset>
That means, that the upper frame content is served locally from SITEA; the lower frame content is served from another server; over https.
On both servers, there is the same frameContent.cfm; very simple like this:
<a href="frameContent.cfm">load again</a>
<cfdump var="#session#">
<cfdump var="#cookie.cfid#">
On the local server (top frame) the session is created once and then when I click on “load again” it’s always the same (session.sessionid). cookie.cfid always stays the same.
But… the lower content served from a remote server over https always creates a new session when clicking on “load again”. cookie.cfid keeps the same value as on the top frame.
Any ideas what’s going wrong? Why there’s a session created on every reload of the content? - only in framed situation? When I call https://SITEB/frameContent.cfm directly in a browser tab, the session always keeps the same; problem occurs only when serving in frames…
Lucee-Version: 5.3.7.48