I have a form with a captcha on a web page, this captcha is using (as all capcha I think) SESSION variables to store the value. This form is working with IE7-8 and 9, also with FF, Chrome, Safari etc. but with IE10 I have a problem. If this form is directly called on the webpage of IE10 the captcha code works well, but if this form is called from an IFRAME of another website, SESSION variables are not stored. No way to use SESSION variables in this case.
Any idea ?
iframes are subject to their contents' originating site. Since you're loading the captcha/form from some other site, any cookies set in that frame are locked down to that other site.
e.g. your site is example.com. the iframe comes from foobar.net. Any cookies set in the iframe are restricted to foobar.net and will not be available to example.com.
Firstly, you are confusing sessions and cookies. A session is stored on the server, a cookie on the client. If you have a session you will like have a cookie that identifies your session. So really you're talking about cookies.
You are not allowed to fetch cookies from another domain. It violates the same-origin-policy.
If you control both domains there is a possibility to set up resource sharing (CORS Cross-Origin-Resource-Sharing), but it's not very easy.
This is a known bug in IE10. See bug report.