Latest on twitter:
You must be implementing FB Connect; you poor bastard. I integrated it with CNET’s single sign-on system on TV.com. It was one of the most painful things I’ve ever had to debug. I’d like to punch the guy that thought that authentication should be done on the client side. It’s not so bad if you don’t have an existing user authentication system, but doesn’t everyone?
But I digress, you’re looking for fb.connect.requireSession most likely because FB’s documentation for this function (or is it this one) is terribly brief and unhelpful. Calling this function will envoke the same login window (or lightbox depending on the user’s login state at FB) that the user would get by clicking a “Connect with Facebook” button. You’re here because I quoted a FB forum comment about the behavior of the close button on the pop-up window.
Since then I have learned that if you are developing a FB app with an iframe of a page where you are using FB Connect, and you want to authenticate the user with your site you can’t do it inside the iframe because IE/Saf are not going to trust any cookies set by a page in an iframe on facebook.com that’s not also hosted at facebook.com. So you’ll want to redirect the user’s browser to your FC Connect url on your own domain to get authorization cookies. However, even though the user is logged into FB you can’t just send them to your FB Connect site thinking that the FB session will be valid, oh no! You must first perform a requireSession call (on your domain, not in the iframe) which will again redirect the user to your Connect url so that all the proper FB Connect session cookies are set.
Did you get all that? Simple right?
This is one of the more common FB.Connect calls but it is nonetheless riddled with mystery. For example did you know that there’s an undocumented second callback which will get executed if the user decides to close the window? And what arguments do those callbacks accept anyway?
