Update and solution: It turns out that the problem was due to the redirect that I used for my dev URL, which caused browsers to treat all cookies set by my page as third-party cookies. The cookie for the JS API on Facebook is not set as a third-party cookie.
I am working on an ASP.NET authentication application on Facebook. For this, I use the Microsofts Facebook SDK in conjunction with the Facebooks Javascript API. Everything works except Safari. The default safari is to not accept third-party cookies, which leads to:
- I can access my Facebook session through Javascript.
- I CAN'T access the server side of the Facebook session because the cookie is never set or sent from Safari.
This is my Facebook (JS) related client code:
<div id="fb-root"></div>
<fb:login-button>Login with Facebook</fb:login-button>
<script src="http://connect.facebook.net/en_US/all.js"></script>
<script>
FB.init({ appId: 'myAppId', status: true, cookie: true, xfbml: true });
FB.Event.subscribe('auth.login', function (response) {
if (response.session) {
window.location.reload();
}
});
</script>
This is my code for retrieving the user authentication part of the server (C #):
public string FacebookUserID
{
get
{
FacebookSettings settings = new FacebookSettings();
settings.AppId = "myAppId";
settings.AppSecret = "myAppSecret";
FacebookApp app = new FacebookApp(settings);
Authorizer auth = new Authorizer(app);
return (auth.IsAuthorized()) ? app.Session.UserId : null;
}
}
I think I'm not the only one who has the same problem, but I was looking for a forum for Facebook developers and here I have not found a solution. This is more of a Safari problem than a Facebook issue.
I was thinking of posting the user ID to the server using GET / POST / my own cookie, but this is an ugly solution and a potential security issue.
Any ideas?
source
share