Use a Frame-Busting Redirect To Authorize Facebook Applications
Note: This article was originally written on reich-consulting.net. Reich Web Consulting has narrowed its focus to the web and no longer offers tech support services, so we’ve moved all of our tech support content off-site. We hope you find this article useful. It is provided as-is, and we will no longer provide support on this topic.
When you begin developing for Facebook, one of the first trick’s that you’ll learn is how to check for a Facebook session and how to redirect the user to the Facebook login page if they aren’t logged in or haven’t authorized your application. Usually that code looks something like this:
If you’re developing an Iframe-based Facebook application (soon to be the only option since FBML has been deprecated), you’ve got a real problem: The redirect will happen within your application’s IFrame, with the actual login page content hidden within the frame. You’ll recognize the problem because it will look a little something like this:
[caption id=”attachment_493" align=”aligncenter” width=”300"]
This is what happens when you redirect to the login page within a Canvas-based Facebook application.[/caption]
printf("top.location.href= \"%s\";\n", $_SERVER['PHP_SELF']);