Supporting Subdomains In Facebook Connect

From Facebook Developer Wiki

Revision as of 19:01, 9 October 2009 by Pete Bratach (Talk | contribs)
(diff) ←Older revision | Current revision (diff) | Newer revision→ (diff)
Jump to: navigation, search

Many websites use more than one domain in their Web pages. These sites typically fall into one of two categories:

  • Subdomains: domains that share a common base domain. For example, www.foo.com, beta.foo.com, sf.ca.foo.com all share the same base domain, foo.com.
  • Separate domains: domains that don't share a common base domain. For example, www.foo.com and www.bar.com do not share a base domain.

With Facebook Connect, websites that share the same base domain can share the same API key and user session information. Websites that don't have a common base domain need to have separate API keys and user sessions. This article describes how you can specify a base domain for a site that has subdomains.

Specifying the Base Domain

For this example, let's assume your Connect application has the Connect URL set to http://www.foo.com/.

To allow all the pages on every subdomain of foo.com (like a.foo.com, b.foo.com, and so forth) to share the same Connect API key, you can set the Base Domain property of the application setting to foo.com. Setting the base domain has the following effects:

  • The Facebook JavaScript Client Library stores the session cookie on foo.com domain, allowing all subdomains to share the same cookie.
  • Facebook Server allows the Connect URL to be available to all subdomains of foo.com for purpose of passing login information, session information, and so forth.

Changing the document.domain Property

Some websites lower the domain of Web pages by setting the document.domain property to a base domain in JavaScript on their Web pages. This is typically done to allow JavaScript access between subdomains. For example, Web pages on a.foo.com and b.foo.com can communicate with each other if both pages contain JavaScript "document.domain = 'foo.com';", which lowers the domain to foo.com.

You need to be careful when changing the document.domain for a Facebook Connect site, as this setting affects how the Facebook JavaScript library communicates with the cross-domain communication channel page Facebook Connect uses.

Normally, an HTML page on your site and your site's cross-domain communication channel page have the same domain in their URL. However, if you lower a page's domain by changing the document.domain property, then you need to do one of the following to ensure that the page can continue to communicate with the cross domain channel page.

  • Set the document.domain property to the same value in the cross-domain communication channel page. It is important to set document.domain before the Facebook javascript import.
  • Specify a cross-domain communication channel page located on the lower domain. For example, if you set the document.domain property of http://a.foo.com to foo.com, then you should specify a cross-domain communication channel page on http://foo.com.
Retrieved from "http://wiki.developers.facebook.com/index.php/Supporting_Subdomains_In_Facebook_Connect"
reference