I am working with provider hosted app using MVC with JQuery and have a requirement to show Provider Hosted App in an iframe in a SharePoint page to make it look like it is integrated in SharePoint. This application contains a report viewer(version 10.0.0.0) which is showing 'Asp.net session has expired or could not be found' when viewed in IE10 or higher. This app in a SharePoint page works fine when viewed in any other browser(Chrome, Mozilla) but not in IE.
So guys finally i fixed my own issue. Thanks to the hint provided by mwwallace8 in the comments.
Problem: IE doesn't allow us to store third party session data in the form of cookies. This is because it gives lower level of trust to iframe pages, thus no session data for iframe will be stored in cookies. So when we submit the form and make a post call the server doesn't receive any session data in the request and thinks that it is the first request. This process generates a new Session ID and sends it back in the response. When the response comes back, the Session ID in the response and the is the new one and it thinks that the previous session expired.This generates the above problem.
Unlike when we open the application directly in the new tab, it takes it like first party and stores its session data in the form of cookies. Because of this once we open the app in new tab directly, everything was working flawlessly.
Solution: IE needs P3P headers(Platform for Privacy Preference Project) to authenticate the session running in the iframe. This header will tell about what is the intent of the iframe session and what kind of data it will take from browser cookies. It is kind of swiping the Access card before entering in an IT company. So the question is how to generate this P3P header? The answer is here: Go to web.config file and add this code in Configuration tag
<system.webServer> <httpProtocol> <customHeaders> <add name="p3p" value="CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT""/> </customHeaders> </httpProtocol> </system.webServer>
This will create a header certificate i.e. P3P header certificate which will authenticate the iframe session data to get stored in the browser cookies.
To know what these value actually means, go to This Link. You will find a whole lot of information about P3P headers in here.
Hope this might help someone.