Bug: Express session problem with iframe in facebook canvas app with IE
346 views
Skip to first unread message
Thomas
May 20, 2012, 6:39:33 AM5/20/12
to Express
Hi
I have a canvas app on facebook and I'm having a problem getting the
session cookie in my request.
It seems like IE only have this problem. Other browsers work well.
I set P3P='HONK' header and tried to set the cookies manually using
response.cookie('connectID', 'some value'); and it worked! However,
in the below case, things don't work:
app.use(express.session({
secret: 'gg4jklg54654k6j45kl45lgfkenj',
// connect-memcached is used to store sessions
store: app.sessionStore,
fingerprint: function(){ return ''; },
key: 'consid',
cookie: {
httpOnly: false,
// I tried the true value as well
secure: false,
expires: new Date(Date.now() + (3600000*24*8))
}}));
in m view function Im doing:
function(req, res) {
// this line doesn't set and cookie with the name consid
res.cookie('consid', req.session.id);
// This successfully sets the cookie with the name considddddd
res.cookie('considddddd', req.session.id);
res.render('home');
}
So that, any cookie has the name equals to the string used in express
session initialization code can't be set neither by the session
middleware nor manually. It works (manually only) when I change it as
in the second line.
BTW, I'm using https
I need the session middleware to be able to set the cookies as it does
with any browser!
This problem is in IE8,9 ONLY. And only in facebook canvas
application.
Thanks in advance
Thamas
I have a canvas app on facebook and I'm having a problem getting the
session cookie in my request.
It seems like IE only have this problem. Other browsers work well.
I set P3P='HONK' header and tried to set the cookies manually using
response.cookie('connectID', 'some value'); and it worked! However,
in the below case, things don't work:
app.use(express.session({
secret: 'gg4jklg54654k6j45kl45lgfkenj',
// connect-memcached is used to store sessions
store: app.sessionStore,
fingerprint: function(){ return ''; },
key: 'consid',
cookie: {
httpOnly: false,
// I tried the true value as well
secure: false,
expires: new Date(Date.now() + (3600000*24*8))
}}));
in m view function Im doing:
function(req, res) {
// this line doesn't set and cookie with the name consid
res.cookie('consid', req.session.id);
// This successfully sets the cookie with the name considddddd
res.cookie('considddddd', req.session.id);
res.render('home');
}
So that, any cookie has the name equals to the string used in express
session initialization code can't be set neither by the session
middleware nor manually. It works (manually only) when I change it as
in the second line.
BTW, I'm using https
I need the session middleware to be able to set the cookies as it does
with any browser!
This problem is in IE8,9 ONLY. And only in facebook canvas
application.
Thanks in advance
Thamas
Reply all
Reply to author
Forward
0 new messages