Access the Facebook signed_request when moving between pages inside an application? $facebook->getSignedRequest()

Question

I am installing an application inside of a Facebook page. I received the signed_request variable in my $_REQUEST, or when using the Facebook PHP SDK Facebook::getSignedRequest() function. However, inside my application when I go to a different page within the application, the signed_request does not follow it.

I understand that it is placed inside the $_SESSION and the signed_request data is stored inside the session, but what method am I supposed to be calling in order to get that data? Do I have to strip it out of my session myself and not use the PHP SDK? I would expect getSignedRequest to always give me the same result as long as I am receiving it in the $_REQUEST or through the $_SESSION.

Please advise! Thanks in advance!

Answer 1

I believe the issue here is with third party cookies and it's something I've come across a lot.

The way I have solved it in the past is to check on initial load for the signed request and if present, append the raw signed request data to a query var on all links (i.e. http://www.example.com/page&signed_request=<<signed_request>>)

It's not pretty but your urls are hidden from view as they are in the iframe - it's not something I would advise to do if your application isn't inside an iframe.

You will also need to check any Javascript or server side code that may affect data inside the request and amend your urls accordingly.

I hope there's a better way of working than this, but it's the only way I've figured out so far (without resorting to using the app_data query var on facebook urls for navigation).

Answer 2

How about saving the signedRequest in a Session and reusing it?

$signedRequest = $facebook->getSignedRequest();
if(isset($signedRequest)) $_SESSION['signedRequest'] = $signedRequest;
else $signedRequest = $_SESSION['signedRequest'];