Search code examples
facebookinternet-explorer-7loadp3p

Eternal reloading page with Internet Explorer


I've got a problem with my FB apps with Internet Explorer 7.

I'm using this piece of code, provided by FB some time ago :

$auth_url = "http://www.facebook.com/dialog/oauth?client_id=" 
        . FACEBOOK_APP_ID . "&redirect_uri=" . urlencode(CANVAS_PAGE . 'index.php') . "&scope=user_likes,publish_stream";

$signed_request = $_REQUEST["signed_request"];

list($encoded_sig, $payload) = explode('.', $signed_request, 2); 

$data = json_decode(base64_decode(strtr($payload, '-_', '+/')), true);

// If first time we use the application -> ask for permissions
if (empty($data["user_id"]))
{
    echo("<script> top.location.href='" . $auth_url . "'</script>");
}   
// else display the page code
else
{
    }

Using this code, the page loads correctly but then, after 1 second, it reloads and so on, so it gets impossible to use.

By uncommenting the line

    echo("<script> top.location.href='" . $auth_url . "'</script>");

the problem is solved (btw, in my case, the code should not execute this line... It is SO strange that uncommenting a non-used line of code solves my problem but anyway...)

After reading some forums, I had the impression that this issue was a P3P header related one. So I tried to add this line:

header('P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"');

after the body tag. I also tried to add it just before the body tag, and I finally tried to add it as a meta tag:

<meta http-equiv="P3P" content='CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM CURa ADMa PHY ONL COM STA"'>

but none of these 3 options worked for me, and my app still loads eternally.

Anybody has a clue?

Thanks in advance!


Well, I read some forums relating the same problem :

but none of these solutions worked for me, I still have this eternal reloading page problem.

I also read a forum which I thought would solve my problem - http://adamyoung.net/IE-Blocking-iFrame-Cookies - but again... no luck.

Can anybody help me???


Solution

  • Couldn't get you code to work either, it just reloaded. Seems $_REQUEST["signed_request"] was never set.

    But I got it to work with the code from http://developers.facebook.com/docs/authentication/

       <?php
       $app_id = "your app id";
       $app_secret = "your app secret";
       $my_url = "your app url";
    
       session_start();
       $code = $_REQUEST["code"];
    
       if(empty($code)) {
         $_SESSION['state'] = md5(uniqid(rand(), TRUE)); //CSRF protection
         $dialog_url = "http://www.facebook.com/dialog/oauth?client_id=" 
           . $app_id . "&redirect_uri=" . urlencode($my_url) . "&state="
           . $_SESSION['state'];
    
         echo("<script> top.location.href='" . $dialog_url . "'</script>");
       }
    
       if($_REQUEST['state'] == $_SESSION['state']) {
         $token_url = "https://graph.facebook.com/oauth/access_token?"
           . "client_id=" . $app_id . "&redirect_uri=" . urlencode($my_url)
           . "&client_secret=" . $app_secret . "&code=" . $code;
    
         $response = file_get_contents($token_url);
         $params = null;
         parse_str($response, $params);
    
         $graph_url = "https://graph.facebook.com/me?access_token=" 
           . $params['access_token'];
    
         $user = json_decode(file_get_contents($graph_url));
         echo("Hello " . $user->name);
       }
       else {
         echo("The state does not match. You may be a victim of CSRF.");
       }
    

    That said, I would recommend you to use the Facebook PHP SDK, http://developers.facebook.com/docs/reference/php/ that makes programming facebook apps easier.

    EDIT: using the PHP SDK

    To authenticate with the PHP SDK, you would do something like the following:

    // update this to where you've stored the facebook PHP SDK
    require '../src/facebook.php';
    
    $facebook = new Facebook(array(
      'appId'  => 'your app id',
      'secret' => 'your app secret',
    ));
    
    $user = $facebook->getUser();
    if ($user) {
      print "You've logged in!";
    } else {
      echo("<script> top.location.href='" . $facebook->getLoginUrl() . "'</script>");
    }
    

    EDIT: headers

    Also, try setting this in the first lines of you code:

    ini_set('session.use_trans_sid', 1);
    header('P3P:CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"');
    

    This helped me when the fb session was lost sometimes in an app. Found that in this post: How to properly handle session and access token with Facebook PHP SDK 3.0?