
Background:

  • Using Facebook PHP SDK v 2.1.2
  • cookieSupport = true
  • App on Facebook has OAuth 2.0 for Canvas enabled
  • Facebook Connect / sign in logic happens over https on a separate subdomain (secure.mysite.com)
  • Dev sites are dev.mysite.com:PORT_NUM

What works

  • I can sign in successfully using Facebook Connect
  • After authorizing via Facebook dialog, we sign the user in and then redirect to fbconnect.php which instantiates the Facebook class and calls $facebook->getSession()
  • This returns a valid Facebook session and we proceed with our post-signIn logic
  • We then redirect to the signed in home page

What doesn't work

  • Any time after that, the $facebook->getSession() returns NULL. No matter what.
  • According to the docs, Facebook should regenerate a valid session based on the cookie as long as it's valid. The duration is set to the default of 1 hour, but calls done even 30 seconds after the cookie is set fail.

I'm wondering if there's something in the fbs_ cookie that's preventing the regeneration of a session post sign-in. Something related to the secure subdomain or possibly the port numbers we use on our dev sites?

There are a lot of people having similar problems with Facebook sessions from what I've seen, but the suggestions I've come across don't seem to address the content of the fbs_ cookie, domains, ports etc. My understanding of how such things relate to cookies is relatively light, but I'd like to at least check them off as non-issues so I can look elsewhere.

Appreciate any insights.

byron
  • I'm having similar issues, but only in certain browsers and don't want to have to redo my whole login process. So far this http://stackoverflow.com/questions/3955615/how-do-i-get-my-facebook-application-to-automatically-ask-for-required-permission is looking the most promising – danjp Jun 29 '11 at 01:15
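
The domain and port question raised above can be checked against the cookie matching rules of RFC 6265. This is an added example, not code from the post or from the Facebook SDK: the hostnames come from the question, while the ports, the location of `fbconnect.php` on the secure host and the three attribute combinations are assumptions, and the public-suffix check browsers also apply is left out.

```javascript
// Added example: RFC 6265 cookie scoping for the hosts named in the question.
// Ports and attribute sets are constructed; Path is left at "/" throughout.

// Section 5.1.3: exact host match, or host ends with "." + cookie domain.
function domainMatches(host, cookieDomain) {
  const d = cookieDomain.toLowerCase().replace(/^\./, '');
  const h = host.toLowerCase();
  return h === d || h.endsWith('.' + d);
}

// What the browser stores for a Set-Cookie received from setByUrl.
// Without a Domain attribute the cookie is host-only.
function storeCookie(setByUrl, attrs) {
  const host = new URL(setByUrl).hostname;
  if (attrs.domain && !domainMatches(host, attrs.domain)) return null; // rejected
  return {
    domain: (attrs.domain || host).toLowerCase().replace(/^\./, ''),
    hostOnly: !attrs.domain,
    secure: Boolean(attrs.secure),
  };
}

// Whether the stored cookie is attached to a request. The port is never
// consulted: cookies are not isolated by port (section 8.5).
function isSent(cookie, requestUrl) {
  const url = new URL(requestUrl);
  const hostOk = cookie.hostOnly
    ? url.hostname.toLowerCase() === cookie.domain
    : domainMatches(url.hostname, cookie.domain);
  return hostOk && (!cookie.secure || url.protocol === 'https:');
}

// Three possible attribute sets for a cookie set on the secure subdomain.
function checkQuestionSetup() {
  const setBy = 'https://secure.mysite.com/fbconnect.php'; // assumed location
  const targets = ['http://dev.mysite.com:8080/home', // constructed ports
    'https://dev.mysite.com:8443/home', 'https://secure.mysite.com/home'];
  const variants = { hostOnly: {}, parentDomain: { domain: '.mysite.com' },
    parentDomainSecure: { domain: '.mysite.com', secure: true } };
  const report = {};
  for (const [name, attrs] of Object.entries(variants)) {
    const cookie = storeCookie(setBy, attrs);
    report[name] = targets.map((t) => isSent(cookie, t));
  }
  return report;
}

console.log(checkQuestionSetup());
```

The row to read is the one matching the Domain and Secure attributes the real `fbs_` cookie carries, which the browser's cookie inspector shows.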

2 Answers


I had a similar issue to you and I began to use something similar to the following:

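    <?php
    // Parse and verify the fbs_<app_id> cookie.
    function get_facebook_cookie($app_id, $app_secret) {
        $name = 'fbs_' . $app_id;
        if (!isset($_COOKIE[$name])) {
            return null; // the browser sent no cookie for this host
        }
        $args = array();
        parse_str(trim($_COOKIE[$name], '\\"'), $args);
        ksort($args);
        $payload = '';
        foreach ($args as $key => $value) {
            if ($key != 'sig') {
                $payload .= $key . '=' . $value;
            }
        }
        // Reject the cookie unless its signature matches md5(payload . secret).
        if (!isset($args['sig']) || md5($payload . $app_secret) !== $args['sig']) {
            return null;
        }
        return $args;
    }

    $cookie = get_facebook_cookie(APP_ID, APP_SECRET);
    $me = null;
    if ($cookie) {
        // Only call the Graph API when a verified cookie is present.
        $me = json_decode(file_get_contents('https://graph.facebook.com/me?access_token=' . urlencode($cookie['access_token'])));
    }

    if ($me) {
        // Escape the profile name before writing it into the page.
        echo "Hi " . htmlspecialchars($me->name);
    } else { ?>
    <a href="https://www.facebook.com/dialog/oauth?client_id=<?= APP_ID;?>&redirect_uri=<?= REDIRECT_URI ;?>"><img src="http://static.ak.fbcdn.net/rsrc.php/zB6N8/hash/4li2k73z.gif"><!--Login with Facebook--></a>
    <?php } ?>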

I also include the following JS

 <div id="fb-root"></div>
<script src="http://connect.facebook.net/en_US/all.js"></script>
<script>
  FB.init({appId: '<? echo APP_ID ?>', status: true,
           cookie: true, xfbml: true});
  FB.Event.subscribe('auth.login', function(response) {
    window.location.reload();
  });
</script>

I was using the PHP SDK such as yourself but I stopped due to the fact it wasn't working. I have noticed that this still fires a few errors in the error logs relating to the cookies, so it almost seems like it relies on the JS to initialise the cookie first. Version 3 of the SDK is available now so maybe that will help. The only difference between this is I have to manually call file_get_contents on the graph object I want, but it should be easy enough to write a function or class to do this for you.

TommyBs

This issue went away with the new Facebook PHP SDK (v3)

byron