I have a Rails app that runs inside of Fabebook as an iframe. I use Koala gem for FB communication (also the js SDK for some parts) and Devise as authentication base.
For some time I've been seen some problems with the issue that the app runs inside an iframe. So third party cookies cannot be set. For IE I use a P3P header which as mitigated the problem somehow.
But the whole thing is very confusing. I'm on Snow Leopard.
For example:
With Safari 5.1.1 I have set "Block cookies from third parties and advertisers." The application works ok and it can be used with no problems.
With Chrome 5.0.874 (very recent update) the option "Block third-party cookies from being set" was checked so the two main cookies that my app sets (app cookie and fbs_xxxx cookie) cannot be set so the app does not work since the user needs to authenticate all the time.
With Opera 11.52 there is no reference to third party cookies and the browser is set to "accept cookies only from the sites I visit". My app works ok with that setting.
With Firefox 7.0.1 my app works but I just couldn't find any setting that deal with cookies. Just to delete them.
So apparently my problem is with Chrome but the same setting works with Safari. So I'm really confused.
Is asking the user to allow third party cookies the only solution to this problem?
Thanks.
UPDATE ON MY CURRENT WORKING SOLUTION
I did some extra research and tests. I did try to use Rails alternative methods of session storage. By default they are stored in a cookie but you can store session data in memory, db, etc. But it is not enough because it still uses a cookie with a pointer to the alternative storage you select.
In the end I set some info the the url that allows me find the identity of the current logged in user, get the user and manually sign in that user with Devises sign_in method. I don't like it too much but now I can block third party cookies and still works. I will later on make a change and instead of having the real info there I will have a key to a memcached entry from where I'll get the user (previously set), after all only my app should have access to that memcached server.
Thanks.
If you want to use first or third-party cookies (or both) with Facebook, you'll need to install a Facebook pixel code on your website. Pixel code is a snippet of JavaScript that enables the cookies to work.
Third-party cookies follow you around the web, but they have no impact on user experience. This is why you should always block third-party cookies if given the option. Third-party cookies are also known as tracking cookies, because they “track” your behavior to serve more relevant ads to you.
Yes, other companies use cookies on the Meta Products to provide advertising, measurement, marketing and analytics services to us, and to provide certain features and improve our services for you.
Third-party cookies work by embedding JavaScript from one website into another. This enables them to transfer the habits of a user across multiple websites. Third-party cookies accumulate data gathered between browsing sessions and map a clear picture of the user.
If cookies cannot be set then set a session ID on the end of the url.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With