Background:
- Using Facebook PHP SDK v 2.1.2
- cookieSupport = true
- App on Facebook has OAuth 2.0 for Canvas enabled
- Facebook Connect / sign in logic happens over https on a separate subdomain (secure.mysite.com)
- Dev sites are dev.mysite.com:PORT_NUM
What works:
- I can sign in successfully using Facebook Connect
- After authorizing via Facebook dialog, we sign the user in and then redirect to fbconnect.php which instantiates the Facebook class and calls $facebook->getSession()
- This returns a valid Facebook session and we proceed with our post-signIn logic
- We then redirect to the signed in home page
What doesn't work:
- Any time after that, the $facebook->getSession() returns NULL. No matter what.
- According to the docs, Facebook should regenerate a valid session based on the cookie as long as it's valid. The duration is set to the default of 1 hour, but calls done even 30 seconds after the cookie is set fail.
I'm wondering if there's something in the fbs_ cookie that's preventing the regeneration of a session post sign-in. Something related to the secure subdomain or possibly the port numbers we use on our dev sites?
There are a lot of people having similar problems with Facebook sessions from what I've seen, but the suggestions I've come across don't seem to address the content of the fbs_ cookie, domains, ports etc. My understanding of how such things relate to cookies is relatively light, but I'd like to at least check them off as non-issues so I can look elsewhere.
Appreciate any insights.
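
One way to check the content of the fbs_ cookie directly, as an added example that is not part of the original post or of the Facebook SDK. It assumes the 2.x PHP SDK cookie layout (a quoted query string with uid, access_token, expires and sig, where sig is the MD5 of the sorted key=value pairs plus the app secret); the function name and all sample values are constructed.

```php
<?php
// Added diagnostic, not SDK code. Assumed cookie layout (2.x PHP SDK):
// fbs_<APP_ID> = quoted query string carrying uid, access_token, expires, sig.
function diagnoseFbsCookie(array $cookies, $appId, $appSecret, $now = null)
{
    $now  = ($now === null) ? time() : $now;
    $name = 'fbs_' . $appId;
    if (!isset($cookies[$name])) {
        // The browser did not send it: Domain/Path/Secure scope excludes this host.
        return 'missing';
    }
    $session = array();
    parse_str(trim($cookies[$name], '"'), $session);
    foreach (array('uid', 'access_token', 'sig') as $field) {
        if (empty($session[$field])) {
            return "malformed: no $field";
        }
    }
    // Signature: md5 over sorted key=value pairs (sig excluded) plus the app secret.
    $sig = $session['sig'];
    unset($session['sig']);
    ksort($session);
    $base = '';
    foreach ($session as $key => $value) {
        $base .= $key . '=' . $value;
    }
    if (!hash_equals(md5($base . $appSecret), (string) $sig)) {
        return 'bad signature';
    }
    // Expiry check is an addition of this example; expires=0 is treated as no expiry.
    $expires = isset($session['expires']) ? (int) $session['expires'] : 0;
    return ($expires !== 0 && $expires < $now) ? 'expired' : 'valid';
}

// Constructed sample values (not real credentials).
$appId  = '1234567890';
$secret = 'constructed-app-secret';
$fields = array('access_token' => 'constructed-token', 'expires' => '1300000000', 'uid' => '42');
$base   = '';
foreach ($fields as $k => $v) { $base .= $k . '=' . $v; }   // keys are already sorted
$cookie = '"' . http_build_query($fields + array('sig' => md5($base . $secret))) . '"';

// Four cases: cookie absent, intact, checked with the wrong secret, past expiry.
echo diagnoseFbsCookie(array(), $appId, $secret), "\n";
echo diagnoseFbsCookie(array("fbs_$appId" => $cookie), $appId, $secret, 1299999000), "\n";
echo diagnoseFbsCookie(array("fbs_$appId" => $cookie), $appId, 'wrong', 1299999000), "\n";
echo diagnoseFbsCookie(array("fbs_$appId" => $cookie), $appId, $secret, 1300000001), "\n";
```

Called with `$_COOKIE` on the page where getSession() returns NULL, a result of `missing` points to cookie scope (Domain, Path, Secure) rather than cookie content. Cookies are not isolated by port, so the port on a dev host does not by itself stop the cookie from being sent.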