In handling the post-authorize callback for fbconnect apps, i''m running into a problem with securing the session. It should be handled by secure_with_fb_params, but request_comes_from_facebook fails due to the absence of fb_sig_is_ajax or fb_sig_in_canvas in the params hash. We could modify this function to include fb_sig_authorize as a valid identifier, as I''m seeing that included in the params in the post-auth ping. Before I follow that route, any better ideas?