I'm working on an iframe-based canvas application and have run into a major roadblock in finding a good way to keep track of the Facebook session when navigating between pages within the iframe. On the first page load, the Facebook page passes all the necessary fb_sig parameters to your callback URL via the query string. On subsequent page loads (after clicking a link in your app, for example), it seems you must do one of the following to retain the Facebook session details:

1. Use target="_top" on links and reload the entire Facebook page with each request. That way a fresh set of fb_sig parameters are passed in when the iframe is loaded. But this incurs the cost of loading everything outside the iframe every single time you change pages.
2. Manually append all the fb_sig parameters you received from the first page to the URL of all additional pages. This is pretty ugly, and will leave you with outdated information that may no longer be accurate. You continue to use the first values you received from Facebook, but those values may have changed since then (such as the user logging out or the session key expiring) and you'd have no way of knowing.
3. Store the information in a cookie and somehow check for new values on each page load, refreshing it if necessary. I've seen this technique mentioned in several places, but after days of looking, I have not found a single example of how to actually do this. Perhaps the PHP client library does it for you automatically, but my application uses Perl and the WWW::Facebook::API module, and I haven't found anything in it that addresses this. I've also read that this technique runs into issues with certain browsers (Safari in particular) that don't allow you to set cookies within an iframe unless its domain matches the parent frame's domain.

All of this seems extraordinarily complicated and poorly documented for what is such an elementary and necessary ability for an application (navigating to another page).
Since I've been unable to find any really useful examples of how to achieve #3, I'm currently leaning toward #1, as unfortunate a compromise as it may be. Has anyone seen a good, complete explanation and example of how to use #3 that works in all major browsers? Figured I'd ask before I give up and go with #1.
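A sketch of option #3 in Perl, added here as an example and not part of the original post or of WWW::Facebook::API: fresh signed parameters replace the stored copy, and the stored copy is re-verified (signature and expiry) on every later page load so a tampered or stale cookie is rejected. It assumes the legacy signature scheme (fb_sig is the MD5 hex of the sorted fb_sig_ parameters, prefix stripped, joined as k=v, followed by the application secret) and that an fb_sig_expires of 0 means a non-expiring session; the function names are hypothetical and the sample values are constructed.

```perl
use strict;
use warnings;
use Digest::MD5 qw(md5_hex);

# Assumed legacy scheme: MD5 over sorted fb_sig_* pairs (prefix stripped) + app secret.
sub fb_sig_expected {
    my ($p, $secret) = @_;
    my @keys = sort(grep { /^fb_sig_/ } keys %$p);
    return md5_hex(join('', map { substr($_, 7) . "=$p->{$_}" } @keys) . $secret);
}

sub fb_sig_valid {
    my ($p, $secret) = @_;
    my ($want, $got) = (fb_sig_expected($p, $secret), lc($p->{fb_sig} // ''));
    return 0 unless length($got) == length($want);
    my $diff = 0;    # compare every character, no early exit
    $diff |= ord(substr($want, $_, 1)) ^ ord(substr($got, $_, 1)) for 0 .. length($want) - 1;
    return $diff == 0 ? 1 : 0;
}

# Valid signature, a session key present, and not past fb_sig_expires.
sub fb_session_live {
    my ($p, $secret, $now) = @_;
    return 0 unless fb_sig_valid($p, $secret) && defined $p->{fb_sig_session_key};
    my $exp = $p->{fb_sig_expires} // 0;
    return 0 unless $exp =~ /^\d+\z/;
    return ($exp == 0 || $exp > $now) ? 1 : 0;    # assumption: 0 = non-expiring
}

# Fresh query parameters win; else re-verify the cookie copy. Empty list: re-authenticate.
sub resolve_session {
    my ($query, $saved, $secret, $now) = @_;
    for my $src ($query, $saved) {
        my %sig = map { $_ => $src->{$_} } grep { /^fb_sig(?:_\w+)?\z/ } keys %$src;
        return \%sig if fb_session_live(\%sig, $secret, $now);
    }
    return;
}

# Constructed sample values, not real credentials.
my $secret = 'constructed-app-secret';
my %first  = (fb_sig_user => '1234', fb_sig_session_key => 'constructed-key', fb_sig_expires => 2000);
$first{fb_sig} = fb_sig_expected(\%first, $secret);
my $cookie = resolve_session(\%first, {}, $secret, 1000);         # first load: from query
my %forged = (%$cookie, fb_sig_user => '9999');                   # tampered cookie copy
printf "first load: %s\n", $cookie ? "user $cookie->{fb_sig_user}" : 'rejected';
printf "later load: %s\n", resolve_session({ page => 2 }, $cookie, $secret, 1500) ? 'ok' : 'rejected';
printf "forged:     %s\n", resolve_session({}, \%forged, $secret, 1500) ? 'ok' : 'rejected';
printf "expired:    %s\n", resolve_session({}, $cookie, $secret, 2500) ? 'ok' : 'rejected';
```

The hash returned on the first load is what would be serialized into the cookie by the web framework; the Safari iframe cookie restriction mentioned in the post is outside what this sketch covers.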