CSP sessions with frames and https

We have an web application accessed using https, that uses CSP technology with frames.

The initial 'login' is via a single CSP page, which then redirects to another CSP page which creates the frames (4 in all) and loads a CSP page in each of those.  For the most part the frames load without error, but sometimes when logging in and sometimes while using the system ' 5916 Illegal CSP Request ' errors occur.

I say 'login' in inverted commas as a Cache login is not performed just an application login, I don't know if that's relevant so thought I'd mention it.

I presume the errors are connected to using frames, as we do have a non-framed version of the application where we don't get those errors occurring. There are currently still some issues with the non-framed version of our application which is why most of our customers haven't moved to that version.

I have read some old posts on the google group Cache forum about issues with frames/https and CSP sessions, where it seemed to be saying that multiple sessions could be created with separate tokens and end up causing confusion, but if you logged in via a single frame CSP page and load the frameset after it should mean just one session is created and maintained.

Am I understanding the workings correctly? Does anyone have any ideas you have any ideas for eradicating the errors for the frame using customers? Could the errors be influenced by slow network response?

Our customers are on quite an old version of Cache for UNIX (IBM AIX for System P5-64) 2010.2
In case it has a bearing.

thanks

Wendy