2

Facebook's PHP SDK can decode signed_requests that are passed to the app via POST, or stored in a cookie, but the SDK itself does not actually set a cookie for the signed_request to be persisted.

Instead, the PHP SDK defers cookie setting to the Javascript SDK, an approach that has issues. (Safari and other browsers by default do not allow the Javascript SDK to set cookies for canvas apps.)

I have created my app so that it sets a cookie containing the signed_request but am interested in why the PHP SDK does not handle this? I'm wondering if it is perhaps for security reasons, but I can't possibly see how.

Peter Horne
  • 6,472
  • 7
  • 39
  • 50

1 Answers1

0

I think this is because code written on the php sdk runs at server side. It does not depend on what client the user is using to send the request to your server. It can be a browser, it can be a desktop app, or it can even be coming from a remote server.

So, the PHP SDK does not handle this.

Eddy Chan
  • 1,161
  • 1
  • 8
  • 15