Found a way to fix this. If I pass the CFID and CFTOKEN on the URL then it is
able to keep the session variables.
form name=testform action=page2.cfm?CFID=#CFIF#CFTOKEN=#CFTOKEN#
method=post
I did think these parameters where pass on the URL anyway, but not from inside
this framset.
Brian Knott
Ph: 07 313 52618 | Ext: 52618 | Mob: 0404 319078
-Original Message-
From: cfaussie@googlegroups.com [mailto:cfaus...@googlegroups.com] On Behalf Of
Kym Kovan
Sent: Monday, 25 October 2010 4:06 PM
To: cfaussie@googlegroups.com
Subject: Re: [cfaussie] Sessions problem with IE8
On 25/10/2010 15:41, KNOTT, Brian wrote:
That would be great. Thanks Kym
and the reply was mainly unprintable about Microsoft :-)
Its all to do with click-jacking and the IE8 security now does not allow
X-site stuff on almost anything so legit frameset stuff is no longer.
Apparently the clubsonline stuff does not use sessions very much so they
worked around it until they had time to fix. Guess who just got
volunteered to sort it out! :-)
http://blogs.msdn.com/b/ieinternals/archive/2010/03/30/combating-clickjacking-with-x-frame-options.aspx
and
http://blogs.msdn.com/b/ie/archive/2009/01/27/ie8-security-part-vii-clickjacking-defenses.aspx
--
Yours,
Kym Kovan
mbcomms.net.au
--
You received this message because you are subscribed to the Google Groups
cfaussie group.
To post to this group, send email to cfaus...@googlegroups.com.
To unsubscribe from this group, send email to
cfaussie+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/cfaussie?hl=en.
This e-mail is sent by Suncorp-Metway Limited ABN 66 010 831 722 or one of its
related entities Suncorp.
Suncorp may be contacted at Level 18, 36 Wickham Terrace, Brisbane or on 13 11
55 or at suncorp.com.au.
The content of this e-mail is the view of the sender or stated author and does
not necessarily reflect the view of Suncorp. The content, including
attachments, is a confidential communication between Suncorp and the intended
recipient. If you are not the intended recipient, any use, interference with,
disclosure or copying of this e-mail, including attachments, is unauthorised
and expressly prohibited. If you have received this e-mail in error please
contact the sender immediately and delete the e-mail and any attachments from
your system.
If this e-mail constitutes a commercial message of a type that you no longer
wish to receive please reply to this e-mail by typing Unsubscribe in the
subject line.
--
You received this message because you are subscribed to the Google Groups
cfaussie group.
To post to this group, send email to cfaus...@googlegroups.com.
To unsubscribe from this group, send email to
cfaussie+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/cfaussie?hl=en.