Spring Security problem with IE8 and frames (on GAE, if that's relevant)

I've got a Spring 3.0.2 app using Spring Security for authentication that works just fine for all browsers tested, EXCEPT...

I'm using Google App Engine and so ended up with one of those horrible xxx.appspot.com addresses for the project. So, I'm using domain forwarding from GoDaddy, which essentially means my original app is housed inside a frame. It's a bit ugly, but it works for Firefox, Chrome and Safari, just not IE. I don't need to support any IE except IE8.

I'm using a login.page with a LoginController, and can see that the authentication request is going through the controller but even if I just mark the user as authenticated a开发者_开发知识库t that point (which I do for a 'casual browser' role) they are still locked out of the app and re-presented with the login page.

Facts that may be relevant: I'm using 'remember-me' and the 'disable-url-rewriting' attributes, and have made sure that my error and 404 pages are available to unsecured users.

I'm kind of at a loss here. Right now my only option appears to be to add some frame-breaking javascript for IE, but that pretty much stinks.

Thoughts? Please!

Have you tried adding return false to your js event like this?

$('#btn-login').click(function(){
    $("#loginForm").submit();
    return false;
});