Cookies and Facebook canvas apps

Posted: March 8th, 2011 | Filed under: Facebook, Rails

Now that Facebook loads iframe apps with POST requests, the Safari third-party cookie problem is partly fixed. Dealing with cookies on the Facebook platform has always been a big headache, since Safari rejects them by default. With POST requests, however, it is now possible to set cookies from the server. It seems Safari will still reject cookies set from the client.

So if you are using the Facebook JavaScript SDK and set the cookies option to true, Safari won’t accept the FBS_XXXX cookie planted by the SDK. I struggled a whole weekend before figuring it out.

The work-around I use is to set a cookie from the server with the signed_request in it if there is one present. This solves most of the problems since I can just use the cookie when I don’t have a fresh signed_request (this happens when I do a request inside the canvas).

Here is the code inside a before_filter in the application_controller. I use Rails with the Facebooker2 gem:

The P3P header is used to make IE6 and IE7 accept the cookie as well.

If you’re building a Facebook canvas application with Rails, take the time to also read my post about keeping your REST architecture with the POST requests.
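The workaround above reads the signed_request back from a cookie, which the browser controls, so the cookie copy needs the same HMAC-SHA256 signature check as a fresh one. The following is an added example in plain Ruby, not the post's original before_filter and not Facebooker2 code; the cookie name `fb_signed_request`, the helper names and the secret used to build sample input are assumptions.

```ruby
require 'openssl'
require 'base64'
require 'json'

# Restore the '=' padding that base64url values in a signed_request omit.
def pad(s)
  s + '=' * ((4 - s.length % 4) % 4)
end

# Constant-time byte comparison, so a mismatch does not leak its position.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# A signed_request is "<signature>.<payload>", both base64url encoded.
# Returns the payload Hash, or nil if it is malformed or the HMAC does not match.
def parse_signed_request(raw, app_secret)
  sig_b64, payload_b64 = raw.to_s.split('.', 2)
  return nil if sig_b64.to_s.empty? || payload_b64.to_s.empty?
  sig = Base64.urlsafe_decode64(pad(sig_b64))
  data = JSON.parse(Base64.urlsafe_decode64(pad(payload_b64)))
  return nil unless data.is_a?(Hash) && data['algorithm'].to_s.upcase == 'HMAC-SHA256'
  expected = OpenSSL::HMAC.digest('SHA256', app_secret, payload_b64)
  secure_equal?(sig, expected) ? data : nil
rescue ArgumentError, JSON::ParserError
  nil
end

# Prefer the fresh signed_request from the canvas POST; otherwise fall back to
# the cookie (hypothetical name). Both paths are verified, never trusted as-is.
# Returns [payload_or_nil, value_to_write_to_the_cookie_or_nil].
def resolve_signed_request(params, cookies, app_secret)
  if (data = parse_signed_request(params['signed_request'], app_secret))
    return [data, params['signed_request']]
  end
  [parse_signed_request(cookies['fb_signed_request'], app_secret), nil]
end

# Builds constructed sample input for trying the functions above offline.
def build_signed_request(payload, app_secret)
  body = Base64.urlsafe_encode64(JSON.generate(payload)).delete('=')
  sig = Base64.urlsafe_encode64(OpenSSL::HMAC.digest('SHA256', app_secret, body)).delete('=')
  "#{sig}.#{body}"
end
```

In a Rails before_filter the second return value is what would be written to the cookie; it is non-nil only when a verified signed_request arrived with the request.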


  • Johanna

    Thank you!!! I’ve been struggling with this issue for days now, searching the whole internet not finding any solution. Works like a charm, and so simple!

  • Steve Verlinden

    Hi, I had the same issue. This works well for Safari, but I still have the issue with Firefox 4. This custom cookie is not set on Firefox. Have you had the same problem?

  • http://coderubik.com Pierre Olivier Martel

    To my knowledge, Firefox should not have any trouble setting the third-party cookie.

  • http://pulse.yahoo.com/_5ZSVOG2BYLPHMQIXUBYD7EQCNI Como

    Hi, I’ve spent so many hours with this. The last Chrome update came with “Block third party cookies” checked and this one came again. I gave this trick a try but it didn’t work, same with FF7 when third party cookies are blocked.

    Is this working for you if you block third party cookies?

    Cheers.

  • http://coderubik.com Pierre Olivier Martel

    The latest version of Facebooker2 handles cookies just fine with oauth2 and it should work in all the different browsers. Take a look at controller.rb to see how it’s done.