I am migrating a Facebook canvas application from FBML to iframe based.
The Facebook client class that is used to communicate with Facebook APIs is placed in the HTTP session the first time a user accesses my application. For subsequent requests, I retrieve the Facebook client object stored in the session and communicate with facebook.com using the same client.
There are two types of Facebook canvas applications, that is, applications within facebook.com:
- FBML version
- iframe version
The FBML version of the application maintains session affinity, that is, the same session object is used by the application server for requests from the same Facebook user.
Hence, I am able to retrieve the Facebook client placed in the session and use the same, but in case of an iframe based canvas application, that is, the application is displayed within an iframe, the same session object is not used but each time a new session is created and hence the Facebook client that I placed earlier vanishes.
No session affinity is maintained and new sessions keep getting created. On further inspecting the cookies, it is found that the cookie named JSESSIONID is not available in the HttpServletRequest object in case of the iframe canvas application.
Dump of cookies and session taken for consecutive requests from the Facebook application to my server:
FBML APP:
--------------------Cookies-------------------
JSESSIONID==6E8792ADDF2AF192BF71864C353DE8E5==null
----------------Session-----------------
Session ID : 6E8792ADDF2AF192BF71864C353DE8E5
Creation time : Thu Sep 08 16:36:19 IST 2011
--------------------Cookies-------------------
JSESSIONID==6E8792ADDF2AF192BF71864C353DE8E5==null
----------------Session-----------------
Session ID : 6E8792ADDF2AF192BF71864C353DE8E5
Creation time : Thu Sep 08 16:36:19 IST 2011
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
IFrame App:
---------------------------------------------
--------------------Cookies-------------------
null
----------------Session-----------------
Session ID : D03845C95FC49E79EF7EED1FE8377799
Creation time : Thu Sep 08 16:39:09 IST 2011
--------------------Cookies-------------------
null
----------------Session-----------------
Session ID : 7466CDB69784FA10C570122BC866DB14
Creation time : Thu Sep 08 16:39:19 IST 2011
--------------------Cookies-------------------
null
----------------Session-----------------
Session ID : 4A23EA79AF929E6C2BD4114173AB250F
Creation time : Thu Sep 08 16:39:45 IST 2011
It is due to this issue that session affinity is not maintained. But I am not able to reason out why this is happening. I am using Struts 2 and plain servlets. The solution would be to enable an iframe canvas application to maintain session affinity, that is, return the JSESSIONID cookie with every request. What should I do or are there alternative solutions?
In order for the session cookie to be preserved in an iframe you need to add the HTTP header P3P. I do not know the exact value, but the following found on the Internet worked for me.
httpResponse.setHeader("P3P","CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'");