7

I am devloping a facebook app. Stragnly, the app work fine on most browsers (I tested it on FF, chrome and safari and it worked fine on all of them). However when I tested on IE8, I received this error message when trying to make an ajax call to one of the pages:

Fatal error: Uncaught Exception: 102: Requires user session thrown in
/home1/website/public_html/facebook/src/facebook.php on line 515

This is the function than contain line 515 in facebook.php:

protected function _restserver($params) {
  // generic application level parameters
  $params['api_key'] = $this->getAppId();
  $params['format'] = 'json-strings';

  $result = json_decode($this->_oauthRequest(
    $this->getApiUrl($params['method']),
    $params
  ), true);

  // results are returned, errors are thrown
  if (is_array($result) && isset($result['error_code'])) {
    throw new FacebookApiException($result);
  }
  return $result;
}

My guess is that it is something to do either with sessions or with IE8 settings but I am not sure how to fix this issue.

Matthew Strawbridge
  • 19,940
  • 10
  • 72
  • 93
khr2003
  • 1,055
  • 4
  • 12
  • 21

2 Answers2

22

Try adding this header on top of your php file:

<?php
    header('p3p: CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"');
?>

This will make cross-domain AJAX calls work in IE

EDIT:

Actually the long correct answer is the following:

When developing an IFrame Canvas app (or any other iframe hosted in a page from a diferent domain) access to cookies (known as 3rd party cookies) are restricted under some conditions (Default IE config). Firefox, Chrome, Safari, Opera all work as expected but IE block access to this cookies. The presence of this header (Which is called a P3P Compact Privacy Policy) will make IE to accept cookies from diferent domains.

And how this makes your session code work???

Well to mantain session information in the server, the page issues a session cookie which is stored in the client. If your iframe uses session then it has to be allowed by the browser to store the cookie.

Falling to store the cookie means the session will get lost and your session-based code will fail like you have posted.

Hope this helps.

PS: BTW I have no idea what all the strange acronyms in the p3p header means. I have seen many variations of it working so you should try to investigate a little bit more about it

Carlos Muñoz
  • 17,397
  • 7
  • 55
  • 80
  • 2
    Wow. This is certainly one magical line. It worked perfectly (I had to close and open IE8 to refresh the Ajax message though). What does this line do? – khr2003 Dec 17 '10 at 03:43
  • 2
    Thank you very much for your explanation. I did some research and here is the link that explains the strange acronyms: http://www.p3pwriter.com/LRN_111.asp – khr2003 Dec 17 '10 at 07:44
0

If you are running on a Microsoft .net platform, you can set the P3P headers in IIS.

See the following link, but you can skip the crap about having to have a policy XML file and cut straight to adding the header!

http://support.microsoft.com/kb/324013

mike nelson
  • 21,218
  • 14
  • 66
  • 75
  • I would just like to caution people against thinking that adding a P3P header will solve all cookie issues. It will work around a common scenario in IE, but if third-party cookies are explicitly disabled (either by browser security settings or by an add-on cookie manager) then the presence of a P3P header won't make any difference. By using cookies in an iframe app, you are always going to lose a few users here and there. Hopefully not many, but always some. If that is unacceptable, don't use cookies. – Floyd Wilburn Sep 13 '11 at 08:59