IE Redirection Problem inside Facebook Application's Canvas (IFrame) and Solution

While working on my Facebook Java application, which performs Facebook authentication through OAuth, I found a very weird behavior when configuring my application on Facebook and setting the application canvas type to “IFrame”.

My FacebookSignInServlet just redirects the user to the Facebook Graph OAuth authorization URL[1], with the application's callback servlet URL appended to it. This scenario works fine on all browsers except IE.

After digging into the problem, I found that it was due to an IE iframe redirection security issue.

How to resolve this issue?

In your FacebookSignInServlet, set the P3P header to “IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT” as follows:

response.addHeader("P3P",
"CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"");

With this header in place, the redirection will work without any extra effort on your side.
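A fuller version of the FacebookSignInServlet described above, as an added example that is not the original post's code. It assumes the javax.servlet API; the application id, the callback URL, the session attribute name and the use of the standard OAuth 2.0 `state` parameter are assumptions added here.

```java
import java.io.IOException;
import java.math.BigInteger;
import java.net.URLEncoder;
import java.security.SecureRandom;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

public class FacebookSignInServlet extends HttpServlet {

    // Endpoint taken from the post; the next two constants are placeholders.
    private static final String AUTHORIZE_URL = "https://graph.facebook.com/oauth/authorize";
    private static final String APP_ID = "YOUR_APP_ID";                    // placeholder
    private static final String CALLBACK_URL =
            "https://example.com/app/facebookCallback";                    // hypothetical
    private static final String P3P_POLICY =
            "CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"";
    private static final SecureRandom RANDOM = new SecureRandom();

    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws IOException {
        // Assumption beyond the post: a random per-login value is stored in the
        // session so the callback servlet can compare it with the "state"
        // parameter it receives and reject callbacks it did not initiate.
        String state = new BigInteger(128, RANDOM).toString(16);
        request.getSession(true).setAttribute("fb_oauth_state", state);

        // Add the header before sendRedirect(): sendRedirect() commits the
        // response, and headers added after that point are ignored.
        response.addHeader("P3P", P3P_POLICY);

        // URL-encode every parameter so the callback URL survives intact.
        String target = AUTHORIZE_URL
                + "?client_id=" + URLEncoder.encode(APP_ID, "UTF-8")
                + "&redirect_uri=" + URLEncoder.encode(CALLBACK_URL, "UTF-8")
                + "&state=" + URLEncoder.encode(state, "UTF-8");
        response.sendRedirect(target);
    }
}
```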

[1] https://graph.facebook.com/oauth/authorize

Redirecting the web application to its home page when the session times out

One of the requirements that might be needed in web applications is redirecting the web application to its home page when the user session times out.

There are many approaches that can be followed to solve this problem, such as using the JavaScript setTimeout() method to refresh the page at a fixed interval, together with a servlet filter that checks whether the session has expired and redirects the application to its home page.

Although this solution is workable, it will really induce massive amounts of stomach acid for the web application and for its maintenance.

After digging into the problem for a while, I found this smart approach; all you have to do is place the following meta tag inside the <head> tag of your JSPs:

<meta http-equiv="refresh" 
content="<%= session.getMaxInactiveInterval() %>;
url=<your_login_page>.jsp">