iframe 中的 laravel 应用程序不断刷新 session

Question

Our website https://www.diamir.de is build with laravel. when we try to load the site in an iframe on another domain, the session is regenerated with every request. the session cookie is send to the browser. but it seems laravel is not able to read it on the next request and therefore regenerates the session.

how can we enable sessions when the site is loaded in an iframe on another domain? is this even possible with the security settings in modern browsers?

thanks.

Answer 1

iFrames are largely locked down windows to view other content inside your website. They were a useful way of hacking things into sites, but have been replaced in a lot of scenarios.

For your particular scenario, showing the site fully on another domain, there are other, better ways to reference the same site from multiple domains.

Personally, I'd redirect in most scenarios, all where an iFrame would work. This results in a user going to any secondary domain, and being redirected to the primary domain. Usually done with a 301 permanent redirect.

However, the one occasion where I need the site sitting on multiple domains is when the site is themed on other domains. In a lot of these cases, it's preferable to fork the site and make changes as needed, but in those that need the same code base and just a theme over the top, I'd simply have the server (Apache, NGINX, or any other server) listen to multiple domains all serving the same site .