Authentication Issue with IE

Nov 28, 2011 at 1:20 PM

Hi Guys,

First off, I want to say thanks for the toolkit, it's a great help! Keep up the good work!

I'm working with iframes using the canvaspage class. I am getting a strange bug where the API is not instanceating, but only in Internet Explorer. I have tested this on two mechines running IE7 and IE9. Everything works as expected in Chrome and Firefox.

Is there any known bug that causes this?


Matt Taylor

Nov 28, 2011 at 3:49 PM

I really have no idea yet, as so far I've only been testing with FF and IE8.

Until we hear from Kayson, I'll ask if you have tried checking for security issues. I've recently had non-FGT issues when logging into Facebook as a user with "secure browsing" turned off per FB profile settings.  IE reports error coming from FB, not the app.

So check to see if there are any differences with your browsers, where you might be using HTTPS with FF and not IE, or the other way around.

I'd also add a global.asax and catch and report any application exceptions which come up.

I'll run my app with IE9 and see if I can find an IE7 for it as well to see if I can verify your situation.

Finally, I'd be curious what happens if you use Fiddler on a working system, and set the User Agent to IE7, then run through FF. Then on a system that doesn't work, use Fiddler and run with User Agent set to FF3, then run through IE.

HTH for now.

Dec 2, 2011 at 7:41 AM

That sounds strange to me, but I believe this is a browser settings issue. I always use IE9 and so far I haven't encountered similar problems.

Dec 4, 2011 at 5:38 PM

I think this may be a problem with storing the session state ID in a cookie. I just ran into a similar problem at work where forms authentication (which uses the session to store the user ID, etc) produces the similar problems on older IE browsers. As ever, this happens when I was demoing some stuff to my boss, who still uses IE 4 or 5 >.<

I'm looking into using cookieless sesstiosn for that project, and have had a go at using cookieless for my facebook game. However, this seems to cause a 500 error 'Cannot find facebook POST information' whenever <sessionState cookieless='true' /> is in the web.config.

I have also been handling redirects in my Global.aspx  (although the page 500s before getting to any redirection) this way:

public static void Redirect(string path, HttpResponse Response, bool relative, bool endResponse) 
            // add all the cookieless session state stuff to the path
            path = Response.ApplyAppPathModifier(path);

            // use the facebook API to redirect...
            Facebook_Graph_Toolkit.Helpers.IframeHelper.IframeRedirect(path, relative, endResponse);

 Thanks for the feedback, I will keep posting anything I find here,

Matt Taylor



Dec 4, 2011 at 5:42 PM

Just to clarify, I now don't think that this has anything to do with the API not instantiating.

It is the user object I am storing in the session that is causing the problem when the session is not carried between pages, because the session ID is not being stored in a cookie on IE browsers, probably due to the security settings.

Dec 6, 2011 at 12:17 PM

I use ViewState to store objects between postbacks, and QueryString and sometimes server-side caching between pages in Iframe Facebook apps. This may help you.