Facebook app works on all browsers but not IE8

Question

I am devloping a facebook app. Stragnly, the app work fine on most browsers (I tested it on FF, chrome and safari and it worked fine on all of them). However when I tested on IE8, I received this error message when trying to make an ajax call to one of the pages:

Fatal error: Uncaught Exception: 102: Requires user session thrown in
/home1/website/public_html/facebook/src/facebook.php on line 515

This is the function than contain line 515 in facebook.php:

protected function _restserver($params) {
  // generic application level parameters
  $params['api_key'] = $this->getAppId();
  $params['format'] = 'json-strings';

  $result = json_decode($this->_oauthRequest(
    $this->getApiUrl($params['method']),
    $params
  ), true);

  // results are returned, errors are thrown
  if (is_array($result) && isset($result['error_code'])) {
    throw new FacebookApiException($result);
  }
  return $result;
}

My guess is that it is something to do either with sessions or with IE8 settings but I am not sure how to fix this issue.

Answer 1

Try adding this header on top of your php file:

<?php
    header('p3p: CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"');
?> 

This will make cross-domain AJAX calls work in IE

EDIT:

Actually the long correct answer is the following:

When developing an IFrame Canvas app (or any other iframe hosted in a page from a diferent domain) access to cookies (known as 3rd party cookies) are restricted under some conditions (Default IE config). Firefox, Chrome, Safari, Opera all work as expected but IE block access to this cookies. The presence of this header (Which is called a P3P Compact Privacy Policy) will make IE to accept cookies from diferent domains.

And how this makes your session code work???

Well to mantain session information in the server, the page issues a session cookie which is stored in the client. If your iframe uses session then it has to be allowed by the browser to store the cookie.

Falling to store the cookie means the session will get lost and your session-based code will fail like you have posted.

Hope this helps.

PS: BTW I have no idea what all the strange acronyms in the p3p header means. I have seen many variations of it working so you should try to investigate a little bit more about it