I have an app that is simultaneously using restful_authentication and
rfacebook (0.9.8).
(I can’t use facebooker because it is completely incompatible with many
other modules).
restful_authentication works just fine along side those logging in using
facebook on the external site…
where things go south is within the facebook canvas, but I think this is
a rails session problem, hence I am posting here for help.
I get a callback showing facebook login worked:
Processing SessionsController#create_from_facebook [GET]
Session ID: ZZZ
Parameters: {“fb_sig_time”=>“1216501629.9969”,
“fb_sig_in_iframe”=>“1”, “fb_sig”=>“e5e413db3e28e76053e6cb29e004e
94c”, “action”=>“create_from_facebook”, “fb_sig_session_key”=>“yyy-xxx”,
“controller”=>
“sessions”, “fb_sig_expires”=>“0”, “fb_sig_added”=>“1”,
“fb_sig_api_key”=>“”, “fb_
sig_profile_update_time”=>“1215049916”, “fb_sig_user”=>“xxx”}
** RFACEBOOK INFO: Activated session from inside the canvas (user=xxx,
session_key=yyy-xxx, expires=0)
the user_id is stuffed into the current session at this point, and
current_user is set.
the app then redirects, and it appears the session is completely
switched (and lost) - i.e. at least the user_id stored is gone, and the
app gets into a infinite loop of redirecting back to login:
** RFACEBOOK INFO: Regular redirect_to
** RFACEBOOK INFO: Regular redirect_to
Redirected to http://themainsiteindex
** RFACEBOOK INFO: persisting Facebook session information into Rails
session
Completed in 0.00265 (377 reqs/sec) | DB: 0.00081 (30%) | 302 Found
Processing Controller#index [GET]
Session ID: NOT ZZZ ?
Parameters: {“action”=>“index”, “controller”=>“Controller”}
** RFACEBOOK INFO: Regular redirect_to
** RFACEBOOK INFO: Regular redirect_to
Filter chain halted as
[#<ActionController::Filters::ClassMethods::SymbolFilter:0x249b3c4
@filter=:login_required>
] rendered_or_redirected. <= failure is almost certainly due to the
session (and session[:user_id] being wiped out).
Note: if one logs in externally, and then goes to the internal app, it
works, which is very strange.
What is wrong, or how do I debug who is wiping out/changing my session?