Facebook cookie not being set?

Oct 1, 2010 at 3:14 AM

I'm writing a Facebook IFrame application using the FaceSharp API, along with ASP.NET MVC2.  My controller is decorated with the [FacebookGraphApiFilter] attribute, and I can see ValidateSignedReqeust process the OAuth signed_request parameter along with the cookie being set by SetFacebookCookie.  However when I do a POST back to my controller, there is no signed_request parameter, and there are is no cookie.  

Any idea why I would not see the cookie that was set in the previous request?

 

Coordinator
Oct 1, 2010 at 4:28 AM

You also want to double check your facebook application settings to ensure both OAuth 2.0 for Canvas (beta) / Canvas Session Parameter are set to enabled..

Viewing the http://<<yourwebsite>>/trace.axd  might also provide insight.

 

 

 

Oct 1, 2010 at 2:23 PM

Good call on enabling trace.  I did see that the cookie was in fact not being set.  I looked at SetFacebookCookie in FacebookGraphFilter, and realized that there are two bugs in this method.  The corrected lines are highlighted in red.

  1. . When the cookie is read, the payload has '=' after each key.  The payload variable below did not.
  2. The cookie was being constructed, but never added to the Response object.

Once these two changes were made, everything works as expected.

--Eric

	public void SetFacebookCookie(string accessToken, DateTime expires, string sessionKey, string uid)
        {
            var cookie = new HttpCookie("fbs_" + ApplicationId) {Expires = expires};

            var payload = "access_token=" + accessToken + "session_key=" + sessionKey + "uid=" + uid;

            var md5 = new MD5CryptoServiceProvider();
            var hash = md5.ComputeHash(Encoding.ASCII.GetBytes(payload + ApplicationSecret));
            var sig = BitConverter.ToString(hash).Replace("-", string.Empty).ToLower();

            cookie.Values["access_token"] = accessToken;
            //cookie.Values["secret"] = secret; //don't know how to properly set this, or what it is used for
            cookie.Values["session_key"] = sessionKey;
            cookie.Values["sig"] = sig;
            cookie.Values["uid"] = uid;
            HttpContext.Current.Response.SetCookie(cookie);
        }

Coordinator
Oct 20, 2010 at 4:11 AM

Those changes are now in the app.. thanks again..