Cookies

From Facebook Developers Wiki

Facebook Platform supports HTTP cookies on application canvas pages. When a user visits an application page, Facebook sends an HTTP request to the application's callback URL. If the HTTP response includes any cookies, Facebook will parse and store them with the associated user and application. The next time a request is sent from the canvas page to the application, the unexpired application cookies stored for that user are sent with the request as well. Since the cookies are stored with the user's Facebook account, the user benefits from having that state present across browsers and machines. The cookie header looks like this:

HTTP Response:
    Set-Cookie: name=value; expires=Sat, 12-Jan-2008 23:15:55 GMT; path='/';

HTTP Request:
    Cookie: name=value;

A few points to note:

  • Cookies without an expires attribute expire after 24 hours.
  • Stored cookies are associated with the application ID and not with a domain.
  • The path attribute is respected and evaluated relative to the callback URL of the application with which the cookie is associated.
  • Cookies can be associated even with the accounts of users who have not logged into your application.
  • You can set cookies only for Web applications; you cannot set cookies for desktop applications.
  • The cookie API calls do not require a session key.

Another important point to remember while using this functionality is performance. Since cookies are sent with every HTTP request, using them saves an application the round-trip delay of calling the API to get or set that data. However, depending on the number and size of the cookies, this can add significant unnecessary overhead to the HTTP requests. To maintain a balance, you need to decide judiciously when to use cookie support. To limit the performance problems this can cause, the maximum number of cookies you can set for a given application and user is 50.
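The storage rules listed above can be modelled in a few lines. This is an added example, not Facebook's code: the names CookieStore, path_matches, set_cookie and request_header are hypothetical, and three behaviours the page does not specify are assumptions (a missing path defaults to "/", path matching is by prefix, and setting a cookie beyond the limit of 50 is rejected).

```python
from datetime import datetime, timedelta, timezone

MAX_COOKIES = 50                   # per application and user (limit stated on this page)
DEFAULT_TTL = timedelta(hours=24)  # lifetime when no expires attribute is sent
EXPIRES_FMT = "%a, %d-%b-%Y %H:%M:%S GMT"  # date format of the sample header


def path_matches(cookie_path, rel_path):
    """rel_path is the request path relative to the application's callback URL."""
    if cookie_path == "/" or rel_path == cookie_path:
        return True
    return rel_path.startswith(cookie_path.rstrip("/") + "/")  # assumed prefix rule


class CookieStore:
    """Cookies keyed by (app_id, user_id), never by domain or browser."""

    def __init__(self):
        self.jars = {}  # (app_id, user_id) -> {name: (value, expires, path)}

    def _live(self, key, now):
        # Drop expired cookies before every read or write.
        jar = {n: c for n, c in self.jars.get(key, {}).items() if c[1] > now}
        self.jars[key] = jar
        return jar

    def set_cookie(self, app_id, user_id, header, now):
        first, *rest = [p.strip() for p in header.split(";") if p.strip()]
        name, _, value = first.partition("=")
        attrs = {}
        for part in rest:
            k, _, v = part.partition("=")
            attrs[k.strip().lower()] = v.strip().strip("'\"")
        expires = now + DEFAULT_TTL
        if "expires" in attrs:
            parsed = datetime.strptime(attrs["expires"], EXPIRES_FMT)
            expires = parsed.replace(tzinfo=timezone.utc)
        jar = self._live((app_id, user_id), now)
        if name not in jar and len(jar) >= MAX_COOKIES:
            raise ValueError("cookie limit reached")  # assumed behaviour at the cap
        jar[name] = (value, expires, attrs.get("path", "/"))  # assumed default path

    def request_header(self, app_id, user_id, rel_path, now):
        """Value of the Cookie header sent with a canvas request."""
        jar = self._live((app_id, user_id), now)
        return "; ".join(f"{n}={v}" for n, (v, _, p) in jar.items()
                         if path_matches(p, rel_path))
```

Because the key is the user and application rather than a browser, anything placed in such a cookie follows the account to every machine the user logs in from.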

We have added two API methods to access a user's cookies:

For storing user data, you should choose judiciously between the Data Store API, Preload FQL, and cookies.

Cookie support is currently in beta.