Reputation: 12469
Facebook Connect application inside iframe not working in IE7
I am building a Facebook Connect application that runs inside a Google gadget. Being a gadget means that the application runs inside an iframe. Inside the application, there is a form that allows registered users to post comments. The submission is made using AJAX, but I get the same results with a normal form. The problem is that I need to get the user's facebook id. In Firefox, it works fine, but on Internet Explorer 7, I get the following error:
'A session key is required for calling this method'
I believe that this is due to the way IE handles third-party cookies, because if I go to Internet options / Privacy / Advanced, and check Override automatic cookie handling and accept all cookies, it works fine. I cannot pass the Facebook id from the javascript, because anyone could tamper it.
EDIT: If I open the content of the iframe directly, the app works fine. The problem is really due to the IFRAME and IE security model.
What am I doing something wrong? How can I work around this problem?
Upvotes: 5
Views: 10584
Answers (4)
Reputation:
I solved the same problem by modifying how I check if the user was logged in on the PHP page following a FB connect login.
So, they login to FB Connect with IE7. Next and subsequent page loads where I need to verify they are indeed logged into FaceBook I used the following code (note that $facebook->require_login() and other functions did not work - they returned null only in IE 7):
// Validate from Facebook that session is valid and user is logged in.
require_once 'facebook/facebook.php';
$facebook = new Facebook(YourAppsAPIKeyPublic, YourAppsAPIKeySecret);
$facebook->api_client->session_key = $this->userAPISessionKey;
$fb_user_id = $facebook->api_client->users_getLoggedInUser();
The $fb_user_id should now have a valid FaceBook user ID.
Regarding privacy policy and facebook connect + IE 7:
Although this didn't work for me it appears to work for others. in HTAccess:
Header append P3P "CP=\"HONK\""
or in PHP files:
header('P3P: CP="CAO PSA OUR"');
or
header('P3P: CP="HONK"');
reference: http://forum.developers.facebook.com/viewtopic.php?id=28636
ASP.NET:
protected void Application_BeginRequest(Object sender, EventArgs e)
{
HttpContext.Current.Response.AddHeader("p3p", "CP=\"CAO PSA OUR\"");
}
Upvotes: 3
Reputation: 1302
you may want to see this thread also, which is created under facebook developer platform
http://forum.developers.facebook.com/viewtopic.php?id=452
Upvotes: 0
Reputation: 12469
I found a work-around that works, although it is a bit ugly: when the user clicks the 'login' button, it opens a popup that comes from my own site and which contains the Facebook Connect login button. After the user logs in, I close the popup and reload the iframe.
This is really ugly because It opens two popups, but at least it works. I will detect whether cookies are enabled using javascript and if they are enabled, I will skip the first popup.
I'm still open to better solutions...
Edit: Facebook now uses a "fake" popup inside my popup, instead of opening another window. Now I only have one popup which is ok for me.
Upvotes: 1
Reputation: 5156
Have you tried adding a P3P policy ?
If the response setting the cookie has a compact policy, IE will use this to determine whether or not to allow the 3rd party cookie..
Upvotes: 7
Related Questions
- Facebook iframe not working in IE; session/login issue?
- Facebook form app inside iframe loses cookies for Safari browsers in Windows platform
- facebook app iframe login issue on safari
- Facebook iFrame APP not working in IE, works on every other browser
- Iframe Facebook application and cookies [Internet Explorer]
- Facebook Oauth is failing in Iframe in IE and Firefox
- IE problem with facebook iframe application
- Session Lost on IE Facebook App iFrame
- Facebook application iframe problem
- Using Facebook connect inside an IFrame (Not an Iframe inside facebook)