Monday, 1 December 2014

Passing session id in query string to maintain state in third party iframe - good practice?

I would like to allow the user to be "logged in" and maintain state / logged in status between pages within an iframe. The iframe content is ours, and will be hosted on various clients' websites.

Since the usual session cookie will most likely be blocked as a third-party cookie, I am trying to find a suitable way to do this.

I am considering always passing ?PHPSESSID=x in the query string for each relevant URL as a workaround.

Is this considered bad practice and are there any risks involved?
