Codeigniter Session Class doesn't appear to work in facebook iframe

Question

I built a simple yes or no quiz app using codeigniter. It's a facebook page tab and so is accessed in an iframe.

As the user progresses through the quiz their score is incremented by +1 for every correct answer and stored using the session class.

It work's great in Chrome but in safari the score doesn't store for some reason.

//if the user answered correctly add one correct answer

$correct_answers = $this->session->userdata('correct_answers');
$correct_answers += 1;
$this->session->set_userdata('correct_answers', $correct_answers);

Edit:

I have printed out the session data onto the app and I can see that the first correct answer is stored but then if you answer incorrect it does not show anything for 'correct_answer's. It also doesn't increment. If you were to answer all questions correct the final result is 1. If none are correct the final result is 0.

It doesn't return an error, it's just not setting the cookie — , Mar 05 '13 at 13:40

score 3 · Accepted Answer · edited May 23 '17 at 10:25

Unfortunately Safary is blocking 3rd party cookies and this is a big problem for us facebook app developers. The only solution that will work for sure, even with new updates on safari is the one I'll describe above.

I don't know how's your app designed but every app I do has a landing page with a button for users to enter the page.

This buttons has two main purposes, the first one is to request permissions in case de user hasn't granted yet and the other one is to open a new window with the url where my app is located. Because the user is visiting your domain outside the iframe you can create a session, so basically this new window visits my url creates a session and then closes by itself.

You can read more about this, in the question above. Although most of the answers are outdated you'll get an idea of what works and what doesn't

Safari 3rd party cookie iframe trick no longer working?

EDIt

What I have done is after the user presses the button, the app goes to the next page and I open a new window with some javascript (like a pop-up).

So on the landing page you just put a listener to your button (note I'm using jquery)

$(document).on("click", ".bt-landing", function(){
window.open('<?=site_url("app/create_session")?>', '_blank', 'toolbar=0,location=0,menubar=0');
});

This is the code for the controller method "create_session"

public function create_session(){
        setcookie("safari_test", "1");
        $this->load->view('create_session');
    }

And the view that is loaded is this one:

<html>
    <head>
        <meta charset="utf-8">
        <title>App title</title>
        <script type="text/javascript" src="<?=base_url('public/js/jquery-1.9.1.min.js')?>"></script>
    </head>
    <body>
    <script type="text/javascript">
    $(document).ready(function(){
       setTimeout(function(){window.close()},1000);
    })
    </script>
    </body>
</html>

Ok. My app basically updates the cookie on every hit of a correct answer then loads the next screen. The first time you click a correct answer it does set it like so: `[user_agent] => Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_5) AppleWebKit/534.57.7 (KHTML, like Gecko) Version/5.1.7 Safari/534.57.7 [last_activity] => 1362495599 [user_data] => [correct_answers] => 1` — , Mar 05 '13 at 14:55
You can do that but not without the user first visit your domain, that's why your app works fine on safari outside the iframe — Fabio Antunes, Mar 05 '13 at 14:57
OK, would the user notice that they left? How would I implement this? — , Mar 05 '13 at 14:57
In my case the user doesn't leave the page, I've updated my answer with some code — Fabio Antunes, Mar 05 '13 at 15:07
Thanks that worked. Seems a bit silly that you have to do this. But it worked. — , Mar 05 '13 at 15:36
I have been searching for 2 days... 2 days of debugging this ***** browser. You are the One man ! Thank you Is there a way to not display the window each time ? — Adrien G, Jul 05 '13 at 12:44
you could use the user agent to display the window onlye for safari users. And you also could do an ajax request checking if the user already has a cookie, if he doesn't then you display de small window — Fabio Antunes, Jul 05 '13 at 13:26

score 1 · Answer 2 · answered Mar 05 '13 at 14:33

If you use IE, you must use a P3P Privacy Policy. If you haven't one, the cookies don´t work under an iframe on facebook:

Generate a P3P Privacy policy:

http://www.p3pwiz.com/begin.php

You can try this, some users say is useful too:

http://viralpatel.net/blogs/how-to-set-third-party-cookies-with-iframe/

Info:

http://en.wikipedia.org/wiki/P3P

score 0 · Answer 3 · answered Mar 05 '13 at 14:03

0

Try change the config setting in your /application/config/config.php:

$config['sess_match_useragent'] = FALSE;

There is a possibility that having the app in an IFRAME messes up the result of the user agent check performed by default setting of the CI session.

Otherwise a proper debug log from CI would be good in order to see where the session is "lost".

answered Mar 05 '13 at 14:03

jtheman

7,421
3
28
39

I have made an edit to my question. Is is being set the first time a user answers a correct answer. – Mar 05 '13 at 14:43
However, it does work perfectly fine if i visit the site in safari outside of an iframe. – Mar 05 '13 at 14:46

score 0 · Answer 4 · answered Jul 16 '13 at 14:29

Related to Fabio's great answer, here's a way to check for Safari:

function isSafari() {

    var ua = navigator.userAgent.toLowerCase();
    if (ua.indexOf('safari') != -1) {
        if(ua.indexOf('chrome')  > -1) {
            return false;
        } else {
            return true;
        }
    }

    return false;

}

Codeigniter Session Class doesn't appear to work in facebook iframe

4 Answers4