Redirect::to() clears Facebook access token

Question

I'm building a Facebook app using laravel and I'm using Redirect::to('thank_you') in my code to redirect a user to a thank you page after they've submitted a form.

function submitForm() {
    //Process input
    //Done, now redirect to thank you page
    Redirect::to('thank_you')
}

However, in 'thank_you', the Facebook access token is gone. So when I need to run $facebook->api('/me') it throws an exception saying a valid access token is needed.

It is driving me crazy! Have you got any suggestion for me?

(I'm currently storing the access token in $_SESSION['user_token']. But when the user logs out this is still valid, so the user can't logout of his FB account in the app. And the client doesn't want any logout button on the site)

//Fix for invalid access tokens
if(!isset($_REQUEST['code']) && isset($_SESSION['accessToken'])) {
    $this->facebook->setAccessToken($_SESSION['accessToken']);
} 
//if the user has just done facebook login & auth
else if(isset($_REQUEST['code'])) {
    $_SESSION['accessToken'] = $this->facebook->getAccessToken();
}

Answer 1

If the app is inside an iframe (e.g. a Facebook Canvas App or a Page Tab App) then you need to set a P3P header which tells the browser to allow you to access cookies from within the iframe.

header('P3P: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"');

if you don't do this, the session cookie doesn't get passed to your app, which will result in you being logged out.

(this is only relevant if you are inside an iframe)

edit: Here is a good explanation about what the p3p header does Cookie blocked/not saved in IFRAME in Internet Explorer