Facebooker talk - Aug 2009 - Facebook cookies and cross domain sessions

Hi,

I wonder if can quiz anyone on how to solve a problem. I use our 
Facebook app to take payments so we have to access our app outside of 
the Facebook Canvas for a few controllers (and only minimally). We have 
a system working fine and we have a token based login to ensure its the 
same user on the external pages.

The problem is we want to perform an action, set some flash messages 
and  redirect users back the facebook canvas. The problem being that 
sessions don''t work across both domains. I thought initially it was the
difference in domains between http://apps.facebook.com and 
http://facebook.pledgemusic.com and that''s why cookies didn''t
work.
However, it occured to me that since Facebook proxy all requests and 
deal with maintaining state then its actually Facebook that have their 
own cookies mechanism built into their proxy setup. So there should be 
no problem.

However I read this morning that cookies are not stored on a per domain 
basis, rather a per application basis. So in order to get this to work I 
need to replicate how Facebook store cookies. Perhaps its setting the 
application id as the domain or something but this feels wrong and just 
guess work.

http://wiki.developers.facebook.com/index.php/Cookies

Anyone got any ideas how to do this? Or even check the way the cookies 
are stored from Facebook''s side?

Cheers

RobL