Rob Lacey
2009-Aug-20 09:27 UTC
[Facebooker-talk] Facebook cookies and cross domain sessions
Hi,

I wonder if I can quiz anyone on how to solve a problem. I use our Facebook app to take payments so we have to access our app outside of the Facebook Canvas for a few controllers (and only minimally). We have a system working fine and we have a token-based login to ensure it's the same user on the external pages.

The problem is we want to perform an action, set some flash messages and redirect users back to the Facebook canvas. The problem being that sessions don't work across both domains. I thought initially it was the difference in domains between http://apps.facebook.com and http://facebook.pledgemusic.com and that's why cookies didn't work. However, it occurred to me that since Facebook proxy all requests and deal with maintaining state then it's actually Facebook that have their own cookies mechanism built into their proxy setup. So there should be no problem.

However I read this morning that cookies are not stored on a per domain basis, rather a per application basis. So in order to get this to work I need to replicate how Facebook store cookies. Perhaps it's setting the application id as the domain or something but this feels wrong and just guesswork.

http://wiki.developers.facebook.com/index.php/Cookies

Anyone got any ideas how to do this? Or even check the way the cookies are stored from Facebook's side?

Cheers
RobL