As modern browsers are restricting how cookies are stored, the “Lax” default setting for the SameSite cookie property can cause problems with the Session Connection Security Cookie and other FVTerm cookies. This is if the FVTerm session is inside an iFrame hosted in a page that has no domain relationship with the FVTerm server. Normally this is OK as the iFrame runs in its own space, but if a cookie’s SameSite property is not set to “None” the session key cookie fails and a session will not properly connect.
If you want to be able to load FVTerm in an iframe hosted in another page, and have secure session keys, you will need to set the Session Connection Security to one of the Enforced HTTPS options, set the SameSite setting to “Mode=None” and only connect with HTTPS.
Value |
Description |
Lax Mode |
Session Key and other cookies work OK except when the FVTerm session is in an iFrame. (default) |
Mode=Strict |
Mode is Strict--Generally for FVTerm same as Lax--cookies will not work causing issues if FVTerm is in an iFrame. |
Mode=None
|
Only way to have cookies work when FVTerm is in an iFrame--Session Connection Security must enforce HTTPS... |
