How to properly handle session and access token with Facebook PHP SDK 3.0?

Question

In the PHP 3.0 SDK there is no getSession() or any session handling from outside the Facebook api available. Some days ago the developers of facebook have also

Answer 1

For starters, I would debug a little more. Log the contents of the requests. What’s stored in $_SESSION, what’s passed in $_REQUEST. Also, check if it’s a browser issue (is it happening regardless of the browser, or is there a pattern?)

But since fixing the cookie issue in IE (P3P header) helped, my guess is that there are some browsers left, that deny third party cookies. As far as I know, some versions of Safari and Opera does that by default. In addition, this error states that there was no access_token provided, as opposed to invalid or expired one.

You can test that by disabling third party cookies (using about:config in firefox for instance), deauthorizing your app (using the "Apps and websites" section on the bottom of Facebook Privacy settings), deleting cookies (related to your canvas URL) and then launching the application.

BTW, there’s always a possibility of facebook not returning access token even when it should, as described in bug 17236