[Seaside] retaining a session across redirect - a retooling of yesterday's question..

Jon Paynter kittle31 at gmail.com
Thu Oct 4 16:59:29 UTC 2012


On Thu, Oct 4, 2012 at 8:32 AM, sergio_101 <sergio.rrd at gmail.com> wrote:

> okay, so i have verified a few things about my components. mainly,
> that if i set a value for a session variable on initialization of the
> component, the value sticks, so this is not the problem..
>
> the problem lies in the way i have to authenticate via facebook.
>
> here's how the authentication works:
>
> 1. facebook loads my app via an iframe.
> 2. if the user has not authorized my app, i redirect to facebook's
>    oauth page.
> 3. if the user authorized the app, facebook forwards the user to the
>    url i provide in the redirect. when it does this, it sends a POST
>    with my oauthToken.
>
> here's how i am doing this...
>
> in SBMain's renderContentOn method, i check the session for
> oauthToken.
> if it doesn't exist, i render a method:
>
> renderAuthorizeCheckOn: html
>    html html: '<script>window.top.location.href="https://graph.facebook.com/oauth/authorize?client_id=CLIENT_ID&redirect_uri=http://APP_URL&scope=user_about_me";</script>'
>
> once this has been accepted, i process the POST, and set my session
> variables.. then, it continues with the render cycle..
>
> inside the method that sets the session's oauthToken variable, the
> values of the session check out. i can indeed inspect the session and the
> instance var, and it is set.
>
> once the user is redirected back to my app (via the url sent over in
> the renderAuthorizeCheckOn method), the app is loaded up again, but
> this time, it has no session.
>
> so, i think at this point, i need to figure out how to make sure that
> once the app is hit by a user via facebook (and iframe), is redirected
> to facebook for authorization, and then redirected back to my app,
> that my app uses the same session for the entire interaction.
>
> anyone have any ideas?
>

What parameters are available from facebook?  Is there a way to add a
custom token/value/etc. to the post you get back from facebook?  If so, you can
use that to look up the correct user session.  Or is there some existing
facebook-user value you can use for a lookup?
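
Added example (not part of either poster's message, and not Seaside code): one way to carry a custom value through the redirect and use it to find the session again, assuming the provider echoes the OAuth 2.0 `state` parameter back unchanged on the redirect. The session ids, the `pending` store, the TTL and the function names are hypothetical; the value is random, single-use and short-lived so that a guessed or replayed callback cannot attach to someone else's session.

```python
import secrets
import time
from urllib.parse import parse_qs, urlencode, urlparse

AUTHORIZE_URL = "https://graph.facebook.com/oauth/authorize"  # URL from the post
STATE_TTL = 600   # seconds a pending authorization stays valid (assumed value)
pending = {}      # state -> (session_id, issued_at); stand-in for server-side storage


def build_authorize_url(session_id, client_id, redirect_uri, now=None):
    """Return (url, state): the redirect target carrying a one-time state value."""
    state = secrets.token_urlsafe(32)   # unguessable, reveals nothing about the session
    pending[state] = (session_id, time.time() if now is None else now)
    query = urlencode({"client_id": client_id, "redirect_uri": redirect_uri,
                       "scope": "user_about_me", "state": state})
    return f"{AUTHORIZE_URL}?{query}", state


def session_for_callback(callback_url, now=None):
    """Map the provider's redirect back to a session id, or None if state is bad."""
    params = parse_qs(urlparse(callback_url).query)
    state = params.get("state", [""])[0]
    entry = pending.pop(state, None)    # single use: a replayed callback finds nothing
    if entry is None:
        return None
    session_id, issued_at = entry
    if (time.time() if now is None else now) - issued_at > STATE_TTL:
        return None                     # stale authorization attempt
    return session_id


def demo():
    """Constructed round trip: app -> provider -> app, then replay and forgery."""
    url, state = build_authorize_url("sess-42", "CLIENT_ID", "http://APP_URL/", now=1000)
    # The provider echoes state unchanged on the redirect (constructed callback URL).
    callback = "http://APP_URL/?" + urlencode({"code": "SAMPLE_CODE", "state": state})
    first = session_for_callback(callback, now=1060)
    replay = session_for_callback(callback, now=1061)
    forged = session_for_callback("http://APP_URL/?state=guess", now=1062)
    return first, replay, forged
```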