1

I have a Facebook app that runs inside an iframe. After the user allows permissions from the app, I'm expecting Facebook to send me $_REQUEST variables that I use to retrieve user data, and it is working well. The problem is that after I put the user's data in the Laravel Session using Session::put() and then Session::save(), on the next request the session is gone, so my app cannot retrieve the Session anymore. I really don't know why; during the test all of my browsers work (Safari, Firefox, Chrome). So I put in some error checking to email me every time there is a Session Error, and I still get 30+ emails per day telling me that Chrome has no Session, and some users were posting about the App returning an Error. I've really been struggling with this problem for days now. I've implemented some fixes, adding P3P headers and adding a favicon on my site, still to no avail.

Here is my code:

    Route::filter('before', function()
    {
        // Do stuff before every request to your application...
        header('P3P:CP="NOI DEV PSAi COM NAV OTR STP DEM HONK IDC DSP COR ADM DEVi TAIi CAO PSA PSD IVAi IVDi CONi HIS OUR IND CNT"');

        // Safari 3rd-party cookie fix
        if (isset($_SERVER['HTTP_USER_AGENT'])) {
            // No cookies were sent and the user agent contains "Safari"
            if (count($_COOKIE) === 0 && strpos($_SERVER['HTTP_USER_AGENT'], 'Safari') !== false) {
                // Chrome's user agent also contains "Safari", so exclude it
                if (strpos($_SERVER['HTTP_USER_AGENT'], 'Chrome') === false) {
                    session_start();
                    $page_url = Config::get('custom.fb_page');
                    if (isset($_GET["start_session"]))
                        die(header("Location:" . $page_url));
                    $sid = session_id();
                    if (!isset($_GET["sid"]))
                    {
                        // Keep the signed_request across the redirect
                        if (isset($_POST["signed_request"]))
                            $_SESSION["signed_request"] = $_POST["signed_request"];
                        die(header("Location:?sid=" . $sid));
                    }
                    // The session id did not survive: restart from the top window
                    if (empty($sid) || $_GET["sid"] != $sid)
                        die('<script>top.window.location="?start_session=true";</script>');
                }
            }
        }
    });

And the code that sets the Laravel Session:

    Route::any('tab/(:any?)', function ($res = null)
    {
        //$response = some_function_to_get_token($_REQUEST['signed_request']);
        if ($response && isset($response['oauth_token']))
        {
            // Store the token in the Laravel session and persist it
            Session::put('my_session_for_token', $response['oauth_token']);
            Session::save();

            $redirect = Redirect::to('my_awesome_page');
        }
        else
            $redirect = Redirect::to('permission');

        // The route closure has to return the redirect response
        return $redirect;
    });

EDIT

I've already tried setting $_SESSION and commenting out Session::put() but it doesn't set my $_SESSION at all. Next thing I tried was uploading a sessionchecker.php script and tried it using the browser.

Here's the code for the session check:

    <?php
    error_reporting(E_ALL);
    ini_set('display_errors', '1');
    session_start();

    if (isset($_SESSION['views']))
        $_SESSION['views'] = $_SESSION['views'] + 1;
    else
        $_SESSION['views'] = 0;

    echo '<pre>';
    var_dump(session_id()); // I should stay the same
    var_dump($_SESSION); // I should start at 0 and increase
    echo '</pre>';

And it is working as expected. I'm suspecting that it has something to do with Redirect::to(). P.S. I've already tried configuring Laravel to use Cookie and File, but still the error occurs.

Leo
Ryan
1 Answer

0

This is not a Laravel problem. This is a classic Safari/Internet Explorer 3rd party cookie problem.

Try googling for "safari cookie fix" or check out some of these questions here, for example: "Facebook Iframe App with multiple pages in Safari Session Variables not persisting"

Community
Mārtiņš Briedis
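A session check like the question's sessionchecker.php only exercises the third-party cookie case when it is loaded as the iframe's src rather than in its own tab. The probe below is an added example, not code from either post: it sets a cookie, redirects once, and reports whether the browser sent that cookie back inside the frame. The file name, cookie name and query parameter are hypothetical, and it assumes PHP 7 or later.

```php
<?php
// cookiecheck.php (hypothetical name): load this URL inside the app's iframe.
// Step 1 sets a cookie holding a fresh nonce and redirects with the same nonce
// in the query string. Step 2 checks that the cookie came back with that nonce.

const PROBE_COOKIE = 'cookie_probe'; // hypothetical cookie name
const PROBE_PARAM  = 'probe';        // hypothetical query parameter

// Pure decision logic, separated from the I/O below.
// Returns 'set' on the first hit, then 'ok' or 'blocked' after the redirect.
function probe_state(array $get, array $cookie): string
{
    if (!isset($get[PROBE_PARAM]) || !is_string($get[PROBE_PARAM])) {
        return 'set';
    }
    // Comparing against the nonce rejects a stale cookie left over from an
    // earlier first-party visit to the same host.
    $returned = isset($cookie[PROBE_COOKIE]) && is_string($cookie[PROBE_COOKIE])
        && hash_equals($get[PROBE_PARAM], $cookie[PROBE_COOKIE]);
    return $returned ? 'ok' : 'blocked';
}

$state = probe_state($_GET, $_COOKIE);

if ($state === 'set') {
    $nonce = bin2hex(random_bytes(8));
    setcookie(PROBE_COOKIE, $nonce, 0, '/');
    header('Location: ?' . PROBE_PARAM . '=' . $nonce);
    exit;
}

header('Content-Type: text/plain');
if ($state === 'ok') {
    echo "Cookie was returned: cookies work for this origin in this context.\n";
} else {
    // Strip control characters so the client-supplied user agent cannot
    // inject extra lines into the log.
    $ua = preg_replace('/[\x00-\x1F\x7F]/', '', $_SERVER['HTTP_USER_AGENT'] ?? 'unknown');
    error_log('cookie probe: cookie not returned, UA=' . $ua);
    echo "Cookie was NOT returned: the browser did not send back a cookie set inside the frame.\n";
}
```

If the probe reports "blocked" inside the iframe but "ok" in a top-level tab on the same browser, the session loss comes from the browser's cookie policy for framed content and not from the session driver.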