Shubhanshu Mishra Shubhanshu Mishra - 1 year ago 279
Javascript Question

Report viewer gives session expired in an iframed provider hosted app in IE

I am working with provider hosted app using MVC with JQuery and have a requirement to show Provider Hosted App in an iframe in a SharePoint page to make it look like it is integrated in SharePoint. This application contains a report viewer(version which is showing ' session has expired or could not be found' when viewed in IE10 or higher. This app in a SharePoint page works fine when viewed in any other browser(Chrome, Mozilla) but not in IE.


  1. When the application is running directly in the Browser i.e.without using iframe, it is working fine.

  2. When the Sharepoint page is viewed after opening the application directly in the browser i.e. in different tab, it works without any error.

  3. But when viewed opening browser for the first time and no instances of the application are opened directly in the browser, it shows the error:
    ' session has expired or could not be found'

Things already tried:

  1. Increasing timeout for iframe as well as application in web.config file.

  2. Setting report Viewer's KeepSessionAlive and AsyncRendering to false as well as true.

  3. Reporting server timeout and all configurations.

  4. Using sessionMode to InProc, SQLServer.

  5. setting cookieeLess to true.

None of these are working for my scenario and I am struggling with this for a week. It seems like some registering problem at the first time and when the application is directly opened it gets registered and works. Any help will be highly appreciated.

P.S.: I have registered the report viewer in web.config file.


Answer Source

So guys finally i fixed my own issue. Thanks to the hint provided by mwwallace8 in the comments.

Problem: IE doesn't allow us to store third party session data in the form of cookies. This is because it gives lower level of trust to iframe pages, thus no session data for iframe will be stored in cookies. So when we submit the form and make a post call the server doesn't receive any session data in the request and thinks that it is the first request. This process generates a new Session ID and sends it back in the response. When the response comes back, the Session ID in the response and the is the new one and it thinks that the previous session expired.This generates the above problem.

Unlike when we open the application directly in the new tab, it takes it like first party and stores its session data in the form of cookies. Because of this once we open the app in new tab directly, everything was working flawlessly.

Solution: IE needs P3P headers(Platform for Privacy Preference Project) to authenticate the session running in the iframe. This header will tell about what is the intent of the iframe session and what kind of data it will take from browser cookies. It is kind of swiping the Access card before entering in an IT company. So the question is how to generate this P3P header? The answer is here: Go to web.config file and add this code in Configuration tag

        <add name="p3p" value="CP=&quot;IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT&quot;"/>

This will create a header certificate i.e. P3P header certificate which will authenticate the iframe session data to get stored in the browser cookies.

To know what these value actually means, go to This Link. You will find a whole lot of information about P3P headers in here.

Hope this might help someone.