If I told you a classic asp, or maybe asp.net website had a login page with pages that were not accessible and until you logged in.. what kind of security would you presume and how would cookies and session data factor in that security model? If I told you I needed to "somehow" introduce content under one of the secured pages without modifying the site beyond introducing a link and an iframe (which pointed to a asp.net 2.0 site page on another server) what would be your expected concerns and obstacles? I'm yet to try all this, but I did find this article: http://petesbloggerama.blogspot.com/2007/08/aspnet-loss-of-session-cookies-with.html My initial thought is the calling site will work fine, but how do I secure the called page so that it can't be access except from the secured calling site/page? Also, how can I instruct the calling page/ site that I'm all done and least present a working go back button of some sort. Thanks for any help or information.
