views:

4286

answers:

5

I am building a Facebook Connect application that runs inside a Google gadget. Being a gadget means that the application runs inside an iframe. Inside the application, there is a form that allows registered users to post comments. The submission is made using AJAX, but I get the same results with a normal form. The problem is that I need to get the user's facebook id. In Firefox, it works fine, but on Internet Explorer 7, I get the following error:

 'A session key is required for calling this method'

I believe that this is due to the way IE handles third-party cookies, because if I go to Internet options / Privacy / Advanced, and check Override automatic cookie handling and accept all cookies, it works fine. I cannot pass the Facebook id from the javascript, because anyone could tamper it.

EDIT: If I open the content of the iframe directly, the app works fine. The problem is really due to the IFRAME and IE security model.

What am I doing something wrong? How can I work around this problem?

A: 

any of this helps?

Juan Manuel
I'm not using offline access. My problem is really related to the use of IFRAMES and IE security. Thanks anyways
Antoine Aubry
+1  A: 

I found a work-around that works, although it is a bit ugly: when the user clicks the 'login' button, it opens a popup that comes from my own site and which contains the Facebook Connect login button. After the user logs in, I close the popup and reload the iframe.

This is really ugly because It opens two popups, but at least it works. I will detect whether cookies are enabled using javascript and if they are enabled, I will skip the first popup.

I'm still open to better solutions...


Edit: Facebook now uses a "fake" popup inside my popup, instead of opening another window. Now I only have one popup which is ok for me.

Antoine Aubry
+3  A: 

Have you tried adding a P3P policy ?

If the response setting the cookie has a compact policy, IE will use this to determine whether or not to allow the 3rd party cookie..

markt
Hi, I didn't know about that. I will investigate. Thanks a lot!
Antoine Aubry
+1  A: 

I solved the same problem by modifying how I check if the user was logged in on the PHP page following a FB connect login.

So, they login to FB Connect with IE7. Next and subsequent page loads where I need to verify they are indeed logged into FaceBook I used the following code (note that $facebook->require_login() and other functions did not work - they returned null only in IE 7):

// Validate from Facebook that session is valid and user is logged in. require_once 'facebook/facebook.php'; $facebook = new Facebook(YourAppsAPIKeyPublic, YourAppsAPIKeySecret); $facebook->api_client->session_key = $this->userAPISessionKey; $fb_user_id = $facebook->api_client->users_getLoggedInUser();

The $fb_user_id should now have a valid FaceBook user ID.

Regarding privacy policy and facebook connect + IE 7:

Although this didn't work for me it appears to work for others. in HTAccess:

Header append P3P "CP=\"HONK\""

or in PHP files:

header('P3P: CP="CAO PSA OUR"'); or header('P3P: CP="HONK"');

reference: http://forum.developers.facebook.com/viewtopic.php?id=28636

ASP.NET: protected void Application_BeginRequest(Object sender, EventArgs e) { // HttpContext.Current.Response.AddHeader("p3p", "CP=\"CAO PSA OUR\""); }

A: 

you may want to see this thread also, which is created under facebook developer platform

http://forum.developers.facebook.com/viewtopic.php?id=452

Aykut