Facebook login: Working under Mozilla, fails under IE

Aug 21, 2007 at 6:37 AM
Edited Aug 21, 2007 at 6:39 AM
Hi all, I'm writing my first Facebook app and have managed to create the base page, get the add-application functionality working, and get the full authentication info for the Facebook session.

The problem I'm running into is when I try to access authenticated content on my own website from this login (in other words, I have my own userbase, and people must login there to access the protected content/features), the asp.net application properly shows the login dialog. And when the credentials are entered properly, Firefox successfully lets me through, and I see it all as expected in a nice Facebook-hosted IFrame. And my app can fetch all the Facebook Developer toolkit goodies, like the friends list, etc. So far so good.

But when I do the exact same thing in IE, I get the login dialog (note -- this is the login for my own application/website), and I either get an infinite loop on this login (i.e., it keeps me on this same myapp login page, but I KNOW it's the right username/password combo). Sometimes, it does redirect me to the expected page, but never as a logged in user -- it's always as a myapp-unauthenticated user.

Firefox works as expected. IE fails. It appears as though IE is blocking the writing of the session key. This happens regardless of whether I try running off my production servers or localhost.

The application (myapp in the example above) runs flawlessly in IE and Mozilla when not hosted in the Facebook IFrame. I get prompted to log in when I should, and I get to the secure pages when I should. In both IE and Firefox.

Has anyone else encountered this? Thanks in advance for any assistance -- I'm really scratching my head over this one.
Aug 24, 2007 at 7:49 PM
Aha, I haven't yet verified that this is the issue, but it sure sounds like it is.

Internet Explorer has trouble storing Cookies with IFRAMES if you just use the defaults.

See this thread: http://forums.microsoft.com/MSDN/ShowPost.aspx?PostID=1969169&SiteID=1

Amazing to me that no one has commented on this yet! Seems like a major "gotcha". Thought I'd post here to unblock others...
Aug 24, 2007 at 9:10 PM
This has been discussed, although not in quite a while. The current base iframe page that is included with the framework sets the appropriate P3P header so that IE will accept 3rd-party cookies in a frame. Are you basing your page on that, or making your own from scratch? If making your own, take a peek at the source for the iframe base page to see how to set the headers yourself.
Aug 24, 2007 at 9:28 PM
Thanks! Sorry, yes indeed I did roll my own.

And I can definitely verify now that this indeed was the problem -- it's working now as expected.

I wish that IE (or ASP.NET) made it a little more obvious though that the cookies were being rejected because it's in an IFRAME. But I shouldn't complain too much -- overall, these tools are pretty amazing. Back to work. :-)