Facebook/Drupal Authorization Loop

Well, I noticed the same problem. I was logged in on my (development) site. When logging out, the site sometimes comes in this indefinite loop. But I don't know the reason. I don't have any drupal for facebook blocks on my pages. I only pasted code to have a facebook button on the login page.

$form['fb_connect_button'] = array(
'#type' => 'markup',
'#value' => 'Connect with Facebook',
'#prefix' => '

',
'#weight' => 4, // LOG IN button weight is 2.
);

drupal_add_js(array('fb_connect' => array('destination' => url('facebook-login'))), 'setting');

we can't read the markup unless you use <code>.

Do you get the infinite redirect without this drupal_add_js(array('fb_connect' => array('destination' => url('facebook-login'))), 'setting');

Do either of you have the global redirect module enabled?

I experienced this on a fresh install of a facebook connect login implementation, and traced it to Boost by disabling modules one by one. After reading the DFF readme all the way.

Details to reproduce:

- Drupal 6.15 as of 2/10
- Latest DFF as of today
- Boost: use the out of the box parameters, don't change anything
- Create a facebook app at facebook and the app node in drupal per the instructions. Make sure it's auto-configuring correctly.
- Set the default theme to bluemarine (and make it facebook aware with the namespace declaration, etc)
- Put the DFF login block for the facebook app on every page, under the normal login block
- Create a node ('hello world') and set it to be the site home page

Now try to log in at the home page through the facebook app. Infinite loop. You'll also get a variety of other interesting infinite loops on logout cases if you play around with it.

Disabling the Boost module solves the immediate problem. But someone with more experience with facebook apps than I might say whether there is a way to keep Boost and sort this out. I suspect that might be an issue on a bluemarine-style theme with the login box on basically every page.

Had same problems, lots of redirection.

Something may be wrong with the cookies i guess.

The most fury that after i removed my application from my user on FB, disabled sandbox mode,
and deleted browser cookies, i connected to my site, and the system logs me as the drupal administrator
user, not my facebook user.

Is that how its supposed to be?

If you are logged into drupal, as administrator or any registered user, then click the facebook connect button or authorize the app on facebook, Drupal for Facebook will map your facebook account to the registered user instead of creating a new local account. Possibly that's what you did?

But if you've really deleted all cookies, you should not be logged into your site or into facebook.

As for the infinite redirects, I still have not been able to reproduce it. I haven't tried boost module. And people report the global redirect module can cause this sort of thing, too. I think the bugs lie in those modules and not Drupal for Facebook, but if someone can show me a simple way to reproduce or a patch that solves the problem I'll consider it.

This is happening for me too - using both beta2 release and a dev release from 2/22/2010. Seems to me this is related to the facebook session expiring. If it happens with caching turned on it can appear to be related to boost or even normal facebook caching. Thought I had it solved when disabling these caches seemed to fix it ...but it keeps coming back if I step away for a few hours with a logged in account and click either reload or try to logout of fb_connect. Clearing cookies temporarily fixes it. I can verify that I'm seeing the same codeblock from ahansen1's post repeat over and over.

Tracked it back to:

FB_Connect.statusHandle = function(e, data) {
  if (data.changed) {
    // Status has changed, user has logged in or logged out.
    var destination = Drupal.settings.fb_connect.destination;
    if (destination) {
      window.location.href = destination;
    }
    else {
      window.location.reload();
    }
  }
};

This is always reaching the 'no destination' path and reloading the page. Is this function hoping something will automatically happen to logout the user on the next go-round when this happens?

It's super-annoying that facebook forces these cookies on connect sites and gives us no way to get rid of them. At least there's none that I know of.

The "something will happen automatically" that the function is hoping for is that the cookies go away when they're no longer valid.

When Drupal's PHP executes, it sees the cookies, initializes facebook api and facebook api indicates the user is known. The facebook ID is stored as Drupal.settings.fb_connect.fbu. Then in the javascript the FB_Connect.on_not_connected() is called. Since drupal has processed the page as if the user is logged in, a refresh is in order. But that refresh kicks off an infinite loop, it appears.

Does this happen even with all caching off? Why am I not seeing it?

Maybe grasping at straws here... Can you test this patch?

Index: fb_connect.js                                                            
===================================================================
--- fb_connect.js       (revision 2209)                                         
+++ fb_connect.js       (working copy)                                          
@@ -69,9 +69,13 @@
     if (destination) {                                                         
       window.location.href = destination;                                      
     }                                                                          
-    else {                                                                     
+    else if (data.fbu) {                                                       
       window.location.reload();                                                
     }                                                                          
+    else {                                                                     
+      // Does calling logout here prevent infinite loop?                       
+      FB.Connect.logout(window.location.reload());                             
+    }                                                                          
   }                                                                            
 };                                                                             
                                                                                

The fact that Drupal.settings.fb_connect.fbu=<myfbid> means the page was loaded as if you are a known user, connected to facebook. The fact that FB_Connect.fbu=0 means the javascript has detected that you are actually not logged into facebook. Because the two are different, the page must be reloaded.

I don't yet have a solution, but I have now reproduced the problem. Thanks for the added details.

Anyone know how to delete cookies from javascript?

Any luck on this?

No, no luck. It's been posted about in the forums...

http://forum.developers.facebook.com/viewtopic.php?id=34406

http://forum.developers.facebook.com/viewtopic.php?id=34766

I read the posts on the facebook forum and seconded the requests.

Since this issue seems to be isolated to users who have de-authorized the corresponding fb app, is there a way we could make better use of the 'FB_APP_EVENT_POST_REMOVE' event to escape this loop?

Just a thought...

I just don't know of any way to get rid of those cookies. There's possibly a way, outside the facebook APIs. But I don't know what it is.

And it happens when a session times out, not just when de-authorized.

subscribe

+1

I found this and my problems do indeed seem to be in IE but I have not actually proven this to be the case. My hosting service sent me a warning that I had exceeded my server usage...which I have to attribute to this module. I had asSumed a misconfiguration on my part but now I am not so sure. I am not sure if this helps or where to put it, but for what it is worth:

"Here all you need to do is put in: Delete_Cookie('cookie name', '/', '') and the cookie will be deleted. Remember to match the cookie name, path, and domain to what you have it in Set_Cookie exactly, or you may get some very hard to diagnose errors.
WARNING: Do not assume the Cookie has actually been deleted during that session, both Opera and IE have in some of their browser versions maintained the cookie until you restart your browser even if you have deleted it in the script. If script functionality depends on the delete action having happened, make sure you do another Get_Cookie test on the deleted cookie to make sure it's actually deleted.
Sample Page Code for Javascript Cookies

<script type="text/javascript">
// remember, these are the possible parameters for Set_Cookie:
// name, value, expires, path, domain, secure
Set_Cookie( 'test', 'it works', '', '/', '', '' );
if ( Get_Cookie( 'test' ) ) alert( Get_Cookie('test'));
// and these are the parameters for Delete_Cookie:
// name, path, domain
// make sure you use the same parameters in Set and Delete Cookie.
Delete_Cookie('test', '/', '');
( Get_Cookie( 'test' ) ) ? alert( Get_Cookie('test')) :
alert( 'it is gone');
</script>

I've submitted an issue to facebook's queue: http://bugs.developers.facebook.com/show_bug.cgi?id=9029

... where they can ignore it completely.

It might help to have a consistant way to reproduce the problem. I can't find one. If anyone knows how to reproduce this every time, please let me know.

This may be related: http://bugs.developers.facebook.com/show_bug.cgi?id=7697
The most voted for bug with the keyword: loop :)
http://bugs.developers.facebook.com/buglist.cgi?quicksearch=loop

Dave, in comment #12 you said you've reproduced this. Then in #20 you say you can't. Can you or can't you?

We desperately need a work-around soon, we can't afford to wait for Facebook to fix this. Can we count how many times the app has automatically reloaded the same page for the user? There must be something that can be done.

I have seen it. When I posted that comment, I had my machine in that state. I could edit the fb_connect.js, for example to add an alert each time through the loop.

But I cannot make it happen on demand. I don't know exactly how I got it into that state, and I haven't seen it since.

I am experiencing this problem as well when normal caching is enabled. Quite annoying and a critical bug IMHO.

What are your settings on the facebook application node? Specifically have you designated the "primary" facebook connect app? And do create a local user when app is authorized?

We are building a site with facebook as enduser identification. During development we started experiencing this phenomena quite often. It seemed that facebook and drupal had different timeouts for the their session, especially in a way that facebook timed out faster. (perhaps this is something we need to fix on our product aswell).

My guess is that this caused a situation where user would be logged into drupal but not to facebook and when accessing pages where we have modules like "show facebook friends" etc would not be able to access the facebook for user's info -> hence it would try to reload it forever. I was able to stop the loop by opening a new tab in the browser and relogging to facebook.

This happened quite a lot with my laptop which goes to sleep mode and once i return, voila. I'm sorry i can't offer any definite technical details other than some module lists. We installed just the facebook module update so i'll be back in few days to report wether that fixed the problem (as there are some comments in the release notes on improving session handling).

It's naturally our common interest to get this sorted out so if there's some data or testing help, just ask.

drupal 6.15 & Modules

pathauto
pollfield
admin_language
advpoll
simplenews
cck
simplenews_register
date
devel
fb
token
fckeditor
views
votingapi
jquery_update
webform
webformblock
mollom
wysiwyg

this may fix it!

(thanks to aronmalkine for the extra details about how to reproduce)

I believe this is fixed. Checked in the patch above for inclusion in beta4.

If the above fix doesn't work, as it didn't for me, make sure that the RewriteRule in your-domain.com's .htaccess file isn't redundant with settings.php's $base_url. If they're redundant, you'll get an infinite loop.

See this node: http://drupal.org/node/741796

In sites/default/settings.php, you will have:$base_url = 'http://www.MY-SITE.com'; // NO trailing slash!

DON'T list the base URL as$base_url = 'http://www.MY-SITE.com/subfolder';

I'm noting this here because redirect loops seem to be a big problem for fb module users. For several days, I thought that this was an issue with one of my modules, since it only became a problem when I tried to connect to facebook via the modules. I'm a coding novice, so the logic loop between settings.php and .htaccess was not obvious.

Thanks for the awesome module!

Hey I even encountered the really hard to reproduce case yesterday. While I had it going, I was able to find some javascript that deletes the bogus cookies that are sometimes left behind.

I think it's safe to say this is truly fixed, in the dev release and beta 5 (when it comes out).

I was having this same problem with my iFrame app (no Canvas, just pure iFrame): As an FB user, when submitting any form like node creation or comments (but not Views filters, those work fine), I get into an infinite reload of the result page.

Today I get up to try the new dev version as per #30, but something has changed before I even have a chance to try that: Now anytime I submit a form I get an 'Access Denied' page and I am no longer logged into the Drupal site. If I reload the page, then I am back at the form I was at previously: if it was a node form, the node create seems to have gone through, but if it's a comment submission, then the comment was NOT created/posted.

I installed the new dev version 2.x-dev, March 14, but I'm not seeing any difference. Again, this wasn't happening last night; it started today.

I am not using base_url in settings.php, as per #29, so that issue isn't relevant for me.

I can create a new issue for this, but seeing as the 'Access Denied' seems to have replace the 'infinite reload', I thought I would post here, first.

Please submit a new issue, as this has to do with connect pages, not canvas pages.

In the new issue post what you see in the dff devel block.

You got it. Will do.

I'm still experiencing this issue using the dev release from April 20 2010. I've tried all the solutions presented but once I connect via facebook (without tieing that to an existing drupal account) my page continues to reload displaying each of three different facebook connect states in the main block. So for example the first page load shows me as logged in and gives me the log out button but with a blank avatar image, then page reloads and shows my FB avatar and log out button, then page reloads and shows original "connect" button.

Previous to trying the dev release I was using the rc1 release.

I've tried deleting all cookies, checking settings on both FB app and drupal FB app pages. Deleted all previous FB accounts in my drupal database.

Any ideas here? Thanks!

I have similar loop problem, I have selected option to create new account with mapping

When user click CONNECT WITH FACEBOOK, user is logged in and logged out after 2 seconds then logged in back again after 2 seconds and then he can browse the website without further log in loop

Just wanted to add the results of my own tests to this one : I found that the problem occurs for me if block caching is active on Administer >> Site configuration >> Performance when using the Facebook login as a block. This "jams" the cookie clearing process by serving the cached block once again.

Also, I had to disable the Boost module to prevent a similar issue (but am not sure what causes this conflict with Boost).

..Wrong thread. Sorry.

The problem is happening on my fresh install. I installed again afresh after uninstalling the previous DFF to see if this would go away. It isn't. So here are the issues:

1. FB connect is going into a loop on login
2. If you try loading up the app page in the browser, the site shows up in the iframe briefly, and then the loop kicks in, resulting in a white screen.

This is on the latest 3.x version. The site is second7.peppervillage.net, which still shows the login loop problem. The app is srinikas. Both are set up purely as test deployments for me to better understand the DFF modules.

Any help or advice is greately appreciated.

Thanks
Srini

I had loop problem when update from the 2.x to 3.x versions.
Clearing Drupal's sessions table fixed it for me:

truncate sessions;

yes, Dasha_V, that worked.

Thanks
Srini

Subscribing. I'm getting a looping in 3.x-dev version right now.

This thread has been around a long time, and I'm sure there have been multiple causes and fixes along the way. Recently, facebook has made some changes to its canvas page signatures. For example, adding the signed_session parameter and json encoding the older session parameter (thanks, facebook, for that pleasant surprise). For connect pages, I wouldn't be surprised if that's changed as well, but I'm not sure exactly. Session handling is tricky enough, it doesn't help to have these unexpected changes and multiple "migrations" settings which make facebook send the apps different values.

Anyway, I've just checked into CVS (HEAD a.k.a. 6.x-3.x-dev) multiple changes which hopefully fix these issues. If you can still reproduce the problems with the latest, post details here. If you can reproduce the identical problem on http://drupalforfacebook.org, even better. That site and http://apps.facebook.com/drupalforfacebook are using the latest code. If the problem appear there, it will be easier for me to track down.

P.S.

When you get the latest modules/fb, also get the latest facebook-php-sdk from facebook! Update them both.

drupalforfacebook.org is running with all the "migrations" enabled.

I'm reporting that the upgrade to the latest 6.x-3.x-dev and latest facebook-php-sdk seems to have resolved my looping issue. Thanks Dave.

hi!,

here is what i did to overcome this issue. (i'll just paste the code). basically i just wanted to bypass the cache (i use an authcache & memcache solution):
(modifications are made in fb_connect.module), & i use 6.x-2.0-rc2:

somewhere after line 64:

// this goes in hook_menu() :
// anti-loop issue fix:
$items['fb_connect/js/fbconnectalf.js'] = array (
  'page callback' => '_fb_connect_antiloop_fix',
  'type' => MENU_CALLBACK,
  'access callback' => TRUE,
);

define the function:

/**
 * Anti-loop fix:
 */
function _fb_connect_antiloop_fix() {
	if ($uid = $GLOBALS['user']->uid && module_exists('fb_user')) {
    	$session_start_url = url(FB_CONNECT_PATH_SESSION_START);
    }
	$aFBConnect = array (
		'front_url' => url('<front>'),
        'fbu' => fb_facebook_user(),
        'uid' => $uid,
        'in_iframe' => fb_is_iframe_canvas(),
        'session_start_url' => $session_start_url,
        'session_end_url' => url(FB_CONNECT_PATH_SESSION_END)
	);
	header('Content-type: application/x-javascript');
	echo 'jQuery.extend(Drupal.settings, {"fb_connect":'.drupal_to_js($aFBConnect).'});';
	exit;
}

and finally, replace some code (i commented current code):

/**
 * This wrapper function around drupal_add_js() ensures that our
 * settings are added once and only once when needed.
 */
function _fb_connect_add_js() {
  static $just_once;
  if (!isset($just_once)) {
  	/*
    if ($uid = $GLOBALS['user']->uid && module_exists('fb_user')) {
      $session_start_url = url(FB_CONNECT_PATH_SESSION_START);
    }
    drupal_add_js(array(
                    'fb_connect' => array(
                      'front_url' => url('<front>'),
                      'fbu' => fb_facebook_user(),
                      'uid' => $uid,
                      'in_iframe' => fb_is_iframe_canvas(),
                      'session_start_url' => $session_start_url,
                      'session_end_url' => url(FB_CONNECT_PATH_SESSION_END),
                    ),
                  ), 'setting');
                  */
    drupal_add_js("fb_connect/js/fbconnectalf.js",'theme','header',FALSE,TRUE,FALSE);
    drupal_add_js(drupal_get_path('module', 'fb_connect') . '/fb_connect.js');
    $just_once = TRUE;
  }
}

one more thing: authcache gives an option to define paths that may not be cached, so i just added my .js's scripts's path. "fb_connect/js/fbconnectalf.js*" (the one defined in hook_menu)

hope this helps.

cheers!

spinicrus, thanks for sharing. but I still couldn't manage to get it work with firefox. but at least it goes blank everytime after logged in, back logged off when I refreshed the browser.. that's the only difference.

I think this is critical issue as Firefox is 2nd most used web browser after ie?

Same issue here, and #49 partially works: no more refreshes (not even under FF) but homepage, when logging in, is not refreshed and does not properly show the logged-in homepage.
The same happens when clicking the "connect with fb" button on any page: after the fb login, the page is loaded but not in the logged-in way. Only after an additional, manual refresh the page is shown properly.

Anyways, that seems to be a good patch!

Here's a patch I am currently testing. The idea is, instead of simply reloading the current URL, appending a parameter to the url including the user's facebook id. This should get around any problems caused by caching.

If you experience this problem, please apply this patch and let me know what if any effect it has.

Index: fb.js                                                                                                     
===================================================================
--- fb.js       (revision 2676)                                                                                  
+++ fb.js       (working copy)                                                                                   
@@ -36,18 +36,70 @@
 FB_JS = function(){};                                                                                           
                                                                                                                 
 /**                                                                                                             
+ * Helper parses URL params.                                                                                    
+ *                                                                                                              
+ * http://jquery-howto.blogspot.com/2009/09/get-url-parameters-values-with-jquery.html                          
+ */                                                                                                             
+FB_JS.getUrlVars = function(href)                                                                               
+{                                                                                                               
+  var vars = [], hash;                                                                                          
+  var hashes = href.slice(href.indexOf('?') + 1).split('&');                                                    
+  for(var i = 0; i < hashes.length; i++)                                                                        
+  {                                                                                                             
+    hash = hashes[i].split('=');                                                                                
+    vars[hash[0]] = hash[1];                                                                                    
+    if (hash[0] != 'fb_js_fbu')                                                                                 
+      vars.push(hashes[i]); // i.e. "foo=bar"                                                                   
+  }                                                                                                             
+  return vars;                                                                                                  
+}                                                                                                               
+                                                                                                                
+/**                                                                                                             
  * Reload the current page, whether on canvas page or facebook connect.                                         
  */                                                                                                             
 FB_JS.reload = function(destination) {                                                                          
+  // Determine fbu.                                                                                             
+  var session = FB.getSession();                                                                                
+  var fbu;                                                                                                      
+  if (session != null)                                                                                          
+    fbu = session.uid;                                                                                          
+  else                                                                                                          
+    fbu = 0;                                                                                                    
+                                                                                                                
+  // Avoid infinite reloads                                                                                     
+  var vars = FB_JS.getUrlVars(window.location.href);                                                            
+  if (vars.fb_js_fbu === fbu) {                                                                                 
+    return; // Do not reload (again)                                                                            
+  }                                                                                                             
+                                                                                                                
+  // Determine where to send user.                                                                              
   if (typeof(destination) != 'undefined' && destination) {                                                      
-    window.top.location = destination;                                                                          
+    // Use destination passed in.                                                                               
   }                                                                                                             
   else if (typeof(Drupal.settings.fb.reload_url) != 'undefined') {                                              
-    window.top.location = Drupal.settings.fb.reload_url;                                                        
+    destination = Drupal.settings.fb.reload_url;                                                                
   }                                                                                                             
   else {                                                                                                        
-    window.location.reload();                                                                                   
+    detination = window.location.href;                                                                          
   }                                                                                                             
+                                                                                                                
+  // Split and parse destination                                                                                
+  var path;                                                                                                     
+  if (destination.indexOf('?') == -1) {                                                                         
+    vars = [];                                                                                                  
+    path = destination;                                                                                         
+  }                                                                                                             
+  else {                                                                                                        
+    vars = FB_JS.getUrlVars(destination);                                                                       
+    path = destination.substr(0, destination.indexOf('?'));                                                     
+  }                                                                                                             
+                                                                                                                
+  // Add fb_js_fbu to params before reload.                                                                     
+  vars.push('fb_js_fbu=' + fbu);                                                                                
+                                                                                                                
+  // Use window.top for iframe canvas pages.                                                                    
+  destination = path + '?' + vars.join('&');                                                                    
+  window.top.location = destination;                                                                            
 };                                                                                                              
                                                                                                                 
 // Facebook pseudo-event handlers.                                                                              

I checked in the above code. I'm interested to hear if this is still a problem, but for now I will assume it is not.

I had the same problem using 6.x-3.x-dev (jun 2010) with infinite refresh loop, on login using fb-connect,
clicking on another link, it sometimes came out of that loop.
and then the user was logged-in... and happy :)

Then, I upgraded to the latest version dated 2010-Oct-05,
and followed this guide: http://drupal.org/node/761886
having no errors in reports/status

Now, there is an even bigger problem I can not login at all.

pressing on the "connect with facebook" button, but nothing happens, and there is no record in the access log.
can't use the devel-block since am not logged in

any idea ?

please don't report new problems in closed threads.

open firebug and look for javascript errors. If you still have a problem report a new issue.

This problem is hitting me with the latest fb code, and the latest facebook sdk...

Start logged out of both facebook, and the website.
Clear all cookies
Truncate the drupal sessions table

Go to the website and click on the fbconnect button
fill in the facebook login form that pops up
It then logs me into the site, and redirects me to the url with ?_fb_user_fbu=571281371 appended
It continually reloads the page.
Each time the page reloads, firebug shows an ajax request being made to /fb/ajax/session_change. Details of the ajax request and responce are:

Request headers:

User-Agent	Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept	application/json, text/javascript, */*
Accept-Language	en-us,en;q=0.5
Accept-Encoding	gzip,deflate
Accept-Charset	ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive	115
Connection	keep-alive
Content-Type	application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With	XMLHttpRequest
Referer	http://wwwexample.com/dashboard?_fb_user_fbu=571281371
Content-Length	535
Cookie	__unam=d9290ea-12be9cfc8e8-2f25f3a2-339; __utma=197322285.317247935.1288117752.1294309941.1294508417.10; __utmz=197322285.1290717273.5.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=drupal%20comment%20form%20remove%20homepage%20field; __utma=12881381.1197414321.1294498847.1294541296.1294574370.7; __utmz=12881381.1294498847.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); SESS35c352ebb7f213126ca3ae6504c59cdc=9901b2837f42ef3d4a9c8b6fc2a5f125; has_js=1; __utmc=12881381; __utmb=12881381.27.10.1294574370; fbs_cdbbb743dbf4ce9985ebaf51b664a1a1="access_token=141654829226220%7C2.wmnQW_04NQCwmP8bVrIy_A__.3600.1294581600-571281371%7CeJaCOuLcQsb8xv_XhWPN847-Jxo&base_domain=example.com&expires=1294581600&secret=PQnZz2LDw7yeR2_FgGNLag__&session_key=2.wmnQW_04NQCwmP8bVrIy_A__.3600.1294581600-571281371&sig=15b8983edc8f1d6489bfa65da73300fb&uid=571281371"

POST:

apikey: cdbbb743dbf4ce9985ebaf51b664a1a1
event_type: session_change
fb_controls: fb_user_no_redirect
fb_js_session	{"access_token":"141654829226220|2.wmnQW_04NQCwmP8bVrIy_A__.3600.1294581600-571281371|eJaCOuLcQsb8xv_XhWPN847-Jxo","base_domain":"example.com","expires":"1294581600","secret":"PQnZz2LDw7yeR2_FgGNLag__","session_key":"2.wmnQW_04NQCwmP8bVrIy_A__.3600.1294581600-571281371","sig":"15b8983edc8f1d6489bfa65da73300fb","uid":"571281371"}

response

[  ]

I do not have $base_url set in settings.php
I have all caching disabled

One thing to note, is that if the devel module is not enabled, it seems to work ok. If I enable the devel module, it breaks (as above).

When the devel module is not enabled, the ajax request to /fb/ajax/session_change actually has something in the response... it has this:

<br />
<b>Fatal error</b>:  Call to undefined function dpm() in <b>/var/aegir/platforms/commons/6.x-1.1/sites/all/modules/contrib/fb/fb.module</b> on line <b>1405</b><br />

So, Dave - I think those dpm statements need to go! Or, at least, do a function_exists() check before you call it.

Any dpm() outside of fb_devel.module got in there by accident. Sorry about that.

deleting it should solve the problem. I'll check in a fix tomorrow.

Sure, but it's not the dpm() statements that are the problem - they do make it *look* like its working if you don't have devel installed though (because with the dpm statements return an error in the ajax request, as opposed to the empty array you get when devel is installed and there is no error).

An empty array should not be a problem. If empty, fb.js will reload the page.

Yes, the empty array causes fb.js to reload the page. But every time the page reloads, the array is still empty, resulting in another reload, and another, and another... the infinite loop that is the talk of this issue!

All the data you posted looks correct, indicating that user 571281371 has connected. The problem would be that when the page reloads, it doesn't think the user is logged in.

When the browser refreshes the page, do you see the fbs_cdbbb743dbf4ce9985ebaf51b664a1a1 cookie in the header? Are you configured to reject third-party cookies?

when you say in the header, do you mean in the URL bar? If so, no I do not see that when it refreshes. I am not configured to reject 3rd party cookies.

Ok - got it...

Do NOT add your IP address to the whitelist in the Facebook application advanced settings.

Adding a few debugging lines into the FB_JS.sessionSanityCheck function in fb.js revealed that an error was being returned from Facebook when trying to check if the user is logged in:

This IP can't make requests for that application developer

Searching on the facebook developer forum indicated that the server whitelist functionality is actually busted - so don't use it!

:D

Thanks for the update.

I suppose in an ideal world, fb.js would log error messages. Or fb_devel.module would somehow detect errors like that if enabled. Patches along those lines are welcome. Otherwise, I'm flagging this fixed.

I have also experienced the Facebook/Drupal Authorization Loop problem. Even I tried to change the settings in 'Drupal for Facebook' module but without success to solve anything.

Instead I solved it by adding a new action 'Redirect to URL' (The URL to which the user should be redirected: user) and then assigning it in Trigger (Trigger: After a user has logged in). Doing that the trigger will "override" the Facebook/Drupal Authorization Loop and logging in new user via FacebookConnect.

I've hit this on 7.x too. It's looping infintly the fb/ajax/session_change callback

If you can reproduce consistently in D7, please explain how in a new issue.

I don't feel like re-opening this long thread, there is another D6 report: [#427436969]

me too... it loop infinity.... on 7.x

Hi!

Not sure if it's the same issue but my case goes like this:

* As a Drupal admin. I disabled the a user "X" that had FB connect.
* "X" then logged in to FB and came to my Drupal site.
* User "X" faced the redirects loop and got the "Can't open the page" message.

Different browsers give different error messages, but the reason is probably the same.

To make things worse. I just noticed that system had generated 2 more users with the same name with the _1 and _2 appendix.

Continuation in 7x #1380534: Facebook/Drupal Authorization Loop